Win7: Computer Freeze / Bluescreen

Hello everyone,
for a few days now I have had the problem that my PC either "freezes" or shows a bluescreen after ~1 hour.
During the freeze I can still move the mouse, but I cannot perform any actions. So far I have tried the following:
* System Restore
* CCleaner / TuneUp Utilities
* Tested all RAM options + Memtest / removed dust / checked cable connections
* Virus scan / Malwarebytes / FRST / GMER (logs: see code)
* Current drivers

Logs:
FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-08-2013
Ran by (administrator) on 07-08-2013 09:37:09
Running from C:\Users\Jesko\\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Jesko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Spotify Ltd) C:\Users\Jesko\AppData\Roaming\Spotify\spotify.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDPop3.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [110360 2011-06-14] (Logitech Inc.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Jesko\AppData\Local\Akamai\netsession_win.exe [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Jesko\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-11-18] (AMD)
HKCU\...\Run: [Spotify] - C:\Users\Jesko\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
MountPoints2: F - F:\setup.exe
MountPoints2: G - G:\Autorun.exe
MountPoints2: {0ac91fe4-c5f2-11e1-a3f1-1c6f65cfd8b5} - F:\setup.exe
MountPoints2: {a9add1a7-167f-11e1-91af-1c6f65cfd8b5} - I:\LaunchU3.exe -a
MountPoints2: {d2807991-bade-11e0-a297-806e6f6e6963} - D:\Run.exe
MountPoints2: {e04ed454-3eea-11e2-8f32-1c6f65cfd8b5} - F:\autorun.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
IMEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe"
IMEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe"
IMEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe"
IMEO\msnmsgr.exe: [Debugger] "C:\Program Files (x86)\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe"
IMEO\rim.desktop.exe: [Debugger] "C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe"
IMEO\tunngle.exe: [Debugger] "C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe"
IMEO\unins000.exe: [Debugger] "C:\Program Files\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe"
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {50FF9B20-46F7-4487-A409-95F40C93B8B1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll (Kaspersky Lab)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: msdaipp - No CLSID Value -
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Jesko\AppData\Roaming\Mozilla\Firefox\Profiles\d1zno8qn.default
FF SelectedSearchEngine: FileConverter 1.3 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3241949&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @pptv.com/plugin - C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.54\npplugin2.dll (PPLive Corporation)
FF Plugin-x32: @rim.com/npappworld - C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jesko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Jesko\AppData\Roaming\Mozilla\Firefox\Profiles\d1zno8qn.default\searchplugins\fileconverter-13-customized-web-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (TV) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph\2.5_0
CHR Extension: (Adblock Plus) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.3_0
CHR Extension: (Google Search) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0
CHR Extension: (Tampermonkey) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.3.3487_0
CHR Extension: (Google Calendar) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (AdBlock) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (Safe Money) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0
CHR Extension: (Virtual Keyboard) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.558_0
CHR Extension: (Gmail) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Jesko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356968 2012-12-20] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-02-12] ()
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-06-11] ()
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-05] (DT Soft Ltd)
S3 gdrv; C:\Windows\gdrv.sys [25640 2011-08-26] (Windows (R) Server 2003 DDK provider)
S3 gdrv; C:\Windows\gdrv.sys [25640 2011-08-26] (Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-08-07] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2011-08-07] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-07-15] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-03] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-06-11] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [75384 2009-02-03] (Protection Technology (StarForce))
R0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77432 2009-02-03] (Protection Technology (StarForce))
R0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [79800 2012-06-19] (Protection Technology (StarForce))
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [107384 2007-02-08] (Protection Technology (StarForce))
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-12-05] (Duplex Secure Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-07 09:37 - 2013-08-07 09:37 - 00000000 ____D C:\FRST
2013-08-07 09:36 - 2013-08-07 09:36 - 01788943 _____ (Farbar) C:\Users\Jesko\Desktop\FRST64.exe
2013-08-07 09:34 - 2013-08-07 09:34 - 00050477 _____ C:\Users\Jesko\Desktop\Defogger.exe
2013-08-07 09:34 - 2013-08-07 09:34 - 00000582 _____ C:\Users\Jesko\Desktop\defogger_disable.log
2013-08-07 09:34 - 2013-08-07 09:34 - 00000020 _____ C:\Users\Jesko\defogger_reenable
2013-08-07 09:30 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-07 09:30 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-07 09:30 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-07 09:30 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-07 09:30 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-07 09:30 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-07 09:30 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-07 09:30 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-07 09:30 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-07 09:30 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-07 09:30 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-07 09:30 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-07 09:30 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-07 09:30 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-07 09:30 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-07 09:30 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-07 09:30 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-07 09:30 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-07 09:30 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-07 09:30 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-07 09:30 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-07 09:30 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-07 09:30 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-07 09:30 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-07 09:30 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAT.DLL
2013-08-07 09:29 - 2013-08-07 09:29 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 09:23 - 2013-08-07 09:23 - 00040005 _____ C:\Users\Jesko\Desktop\106689.user.js
2013-08-07 09:23 - 2013-08-07 09:23 - 00040005 _____ C:\Users\Jesko\Desktop\106689 (1).user.js
2013-08-07 09:21 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-07 09:21 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-07 09:21 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-07 09:21 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-07 09:21 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-07 09:21 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-07 09:21 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-07 09:21 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-07 09:21 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-06 22:58 - 2013-08-07 00:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 18:33 - 2013-08-06 18:33 - 00000000 ____D C:\Intel
2013-08-05 18:08 - 2013-08-05 18:08 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-05 17:54 - 2013-08-05 17:54 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-08-05 17:51 - 2013-08-06 18:30 - 00000000 ____D C:\Program Files\CPUID
2013-08-05 14:05 - 1998-11-17 13:44 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-08-04 23:56 - 2013-08-04 23:56 - 00000000 ____D C:\ProgramData\ATI
2013-07-30 21:18 - 2013-07-30 21:18 - 00036132 _____ C:\ComboFix.txt
2013-07-30 21:13 - 2013-08-05 10:10 - 00000000 ____D C:\Windows\erdnt
2013-07-30 21:13 - 2013-07-30 21:18 - 00000000 ____D C:\Qoobox
2013-07-30 19:59 - 2013-08-05 10:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-30 19:59 - 2013-07-30 19:59 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Malwarebytes
2013-07-30 19:59 - 2013-07-30 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 22:35 - 2013-07-28 22:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-12 18:57 - 2013-07-12 18:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-11 01:04 - 2013-07-11 01:04 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-07-11 00:46 - 2013-07-11 00:46 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-07-11 00:46 - 2013-07-11 00:46 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Samsung
2013-07-11 00:46 - 2013-07-11 00:46 - 00000000 ____D C:\Users\Jesko\AppData\Local\Samsung
2013-07-11 00:45 - 2013-07-11 00:46 - 00000000 ____D C:\ProgramData\Samsung
2013-07-11 00:45 - 2013-07-11 00:46 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-11 00:45 - 2013-05-22 20:43 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2013-07-11 00:45 - 2013-05-22 20:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2013-07-10 16:03 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 16:03 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 16:03 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 16:03 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 16:01 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 16:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 16:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 13:28 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-07-10 13:28 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-07-10 13:28 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-07-10 13:27 - 2013-07-15 13:51 - 00620128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-10 13:27 - 2013-07-15 13:51 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-10 13:27 - 2013-07-10 13:27 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-10 13:27 - 2013-07-10 13:27 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-10 13:26 - 2013-08-07 09:35 - 00057152 _____ C:\Windows\PFRO.log
2013-07-10 13:11 - 2013-07-10 13:11 - 00000000 ___SD C:\Users\Jesko\Documents\Passwords Database
2013-07-09 13:26 - 2013-07-09 13:26 - 00000000 ____D C:\Users\Jesko\AppData\Local\http___www.julien-manici
==================== One Month Modified Files and Folders =======
2013-08-07 09:36 - 2013-08-07 09:36 - 01788943 _____ (Farbar) C:\Users\Jesko\Desktop\FRST64.exe
2013-08-07 09:36 - 2013-05-27 23:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-07 09:35 - 2013-07-10 13:26 - 00057152 _____ C:\Windows\PFRO.log
2013-08-07 09:35 - 2013-06-16 22:32 - 00018841 _____ C:\Windows\setupact.log
2013-08-07 09:35 - 2013-01-12 12:40 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Spotify
2013-08-07 09:35 - 2011-08-29 16:37 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-07 09:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-07 09:34 - 2013-08-07 09:34 - 00050477 _____ C:\Users\Jesko\Desktop\Defogger.exe
2013-08-07 09:34 - 2013-08-07 09:34 - 00000582 _____ C:\Users\Jesko\Desktop\defogger_disable.log
2013-08-07 09:34 - 2013-08-07 09:34 - 00000020 _____ C:\Users\Jesko\defogger_reenable
2013-08-07 09:34 - 2011-07-30 21:40 - 00000000 ____D C:\Users\Jesko
2013-08-07 09:34 - 2011-07-30 21:26 - 02031716 _____ C:\Windows\WindowsUpdate.log
2013-08-07 09:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-07 09:30 - 2013-08-07 09:29 - 00000000 ____D C:\Windows\system32\MRT
2013-08-07 09:23 - 2013-08-07 09:23 - 00040005 _____ C:\Users\Jesko\Desktop\106689.user.js
2013-08-07 09:23 - 2013-08-07 09:23 - 00040005 _____ C:\Users\Jesko\Desktop\106689 (1).user.js
2013-08-07 09:20 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-07 09:20 - 2009-07-14 06:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-07 09:17 - 2009-07-14 19:58 - 17009510 _____ C:\Windows\system32\perfh007.dat
2013-08-07 09:17 - 2009-07-14 19:58 - 05289618 _____ C:\Windows\system32\perfc007.dat
2013-08-07 09:17 - 2009-07-14 07:13 - 00006252 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 09:13 - 2012-10-10 23:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-07 00:07 - 2013-08-06 22:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 23:50 - 2011-08-29 16:37 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-06 23:43 - 2012-05-18 17:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-06 22:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-08-06 18:33 - 2013-08-06 18:33 - 00000000 ____D C:\Intel
2013-08-06 18:30 - 2013-08-05 17:51 - 00000000 ____D C:\Program Files\CPUID
2013-08-05 23:32 - 2011-07-30 23:00 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Skype
2013-08-05 22:45 - 2011-07-30 22:53 - 00000000 ____D C:\Program Files\WinRAR
2013-08-05 18:14 - 2013-04-10 12:14 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-08-05 18:14 - 2012-10-09 12:43 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2013-08-05 18:14 - 2012-10-07 17:52 - 00000000 ____D C:\Users\Jesko\AppData\Local\Downloaded Installations
2013-08-05 18:08 - 2013-08-05 18:08 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-05 17:54 - 2013-08-05 17:54 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2013-08-05 14:05 - 2011-10-18 17:00 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\DAEMON Tools Lite
2013-08-05 12:44 - 2013-01-12 12:41 - 00000000 ____D C:\Users\Jesko\AppData\Local\Spotify
2013-08-05 10:11 - 2013-07-30 19:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 10:11 - 2013-05-02 21:24 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\vlc
2013-08-05 10:11 - 2011-09-30 16:55 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-05 10:11 - 2011-07-31 14:16 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\IrfanView
2013-08-05 10:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-05 10:10 - 2013-07-30 21:13 - 00000000 ____D C:\Windows\erdnt
2013-08-05 10:10 - 2013-05-28 13:22 - 00000000 ____D C:\Users\Jesko\AppData\Local\LogMeIn Hamachi
2013-08-05 10:10 - 2012-12-05 17:31 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-08-05 10:10 - 2012-06-29 18:53 - 00000000 ____D C:\Program Files (x86)\Opera
2013-08-05 10:10 - 2012-04-16 16:10 - 00000000 ____D C:\ProgramData\Battle.net
2013-08-05 10:10 - 2011-10-18 17:00 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-08-05 10:10 - 2011-08-12 16:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-05 10:10 - 2011-07-30 23:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-05 10:10 - 2011-07-30 23:00 - 00000000 ____D C:\ProgramData\Skype
2013-08-05 10:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-05 10:09 - 2013-01-24 22:26 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-08-05 10:09 - 2011-08-13 16:28 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-08-04 23:56 - 2013-08-04 23:56 - 00000000 ____D C:\ProgramData\ATI
2013-08-04 23:56 - 2012-05-06 11:44 - 00000000 ____D C:\ProgramData\AMD
2013-08-04 23:56 - 2011-07-31 10:06 - 00000000 ____D C:\Program Files\ATI Technologies
2013-07-30 21:18 - 2013-07-30 21:18 - 00036132 _____ C:\ComboFix.txt
2013-07-30 21:18 - 2013-07-30 21:13 - 00000000 ____D C:\Qoobox
2013-07-30 20:09 - 2011-07-30 22:03 - 00000000 ____D C:\Windows\Panther
2013-07-30 19:59 - 2013-07-30 19:59 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Malwarebytes
2013-07-30 19:59 - 2013-07-30 19:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-28 22:35 - 2013-07-28 22:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-15 13:51 - 2013-07-10 13:27 - 00620128 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-15 13:51 - 2013-07-10 13:27 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-15 13:51 - 2012-10-18 14:50 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-07-15 13:51 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-07-15 11:30 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 07:45 - 2011-08-29 16:37 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 07:45 - 2011-08-29 16:37 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 18:57 - 2013-07-12 18:57 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-07-12 04:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-11 01:04 - 2013-07-11 01:04 - 00000000 ____D C:\Program Files (x86)\MyFree Codec
2013-07-11 00:46 - 2013-07-11 00:46 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-07-11 00:46 - 2013-07-11 00:46 - 00000000 ____D C:\Users\Jesko\AppData\Roaming\Samsung
2013-07-11 00:46 - 2013-07-11 00:46 - 00000000 ____D C:\Users\Jesko\AppData\Local\Samsung
2013-07-11 00:46 - 2013-07-11 00:45 - 00000000 ____D C:\ProgramData\Samsung
2013-07-11 00:46 - 2013-07-11 00:45 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-07-11 00:45 - 2011-07-30 21:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-10 18:38 - 2009-07-14 06:45 - 00468408 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 18:37 - 2013-03-14 03:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 18:37 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 18:37 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 18:34 - 2011-09-30 16:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:26 - 2013-03-14 03:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 18:26 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-10 13:27 - 2013-07-10 13:27 - 00000000 ____D C:\Windows\ELAMBKUP
2013-07-10 13:27 - 2013-07-10 13:27 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-07-10 13:11 - 2013-07-10 13:11 - 00000000 ___SD C:\Users\Jesko\Documents\Passwords Database
2013-07-09 13:26 - 2013-07-09 13:26 - 00000000 ____D C:\Users\Jesko\AppData\Local\http___www.julien-manici
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-06 19:12
==================== End Of Log ============================
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2013
Ran by at 2013-08-07 09:37:24
Running from C:\Users\Jesko\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Akamai NetSession Interface (HKCU)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
ANNO 1602 Königs-Edition (x32 Version: 1.00)
ANNO 1602 Königs-Edition (x32)
Apple Application Support (x32 Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.51118)
Audio Browser (x32 Version: 13.00.0000)
BlackBerry App World Browser Plugin (x32 Version: 4.2.0.9)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37)
BlackBerry Device Software Updater (x32 Version: 7.1.0.34)
Bonjour (Version: 3.0.0.10)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32)
Canon MG5300 series Benutzerregistrierung (x32)
Canon MG5300 series MP Drivers
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CDBurnerXP (x32 Version: 4.4.1.3243)
CPUID CPU-Z 1.65.1
CPUID HWMonitor 1.23
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dropbox (HKCU Version: 1.6.16)
eaner (Version: 3.17)
EPSON-Drucker-Software
EVEREST Home Edition v2.20 (x32 Version: 2.20)
Free YouTube to MP3 Converter version 3.11.33.1005 (x32 Version: 3.11.33.1005)
Freez FLV to MP3 Converter (x32 Version: 1.5)
FUSSBALL MANAGER 13 (x32 Version: 1.0.4.0)
Geeks3D FurMark 1.11.0 (x32)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Hearts of Iron III - Their Finest Hour version 4.01 (x32 Version: 4.01)
HydraVision (x32 Version: 4.2.184.0)
ICQ7.7 (x32 Version: 7.7)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008)
IrfanView (remove only) (x32 Version: 4.30)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
JDownloader 0.9 (x32 Version: 0.9)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558)
K-Lite Mega Codec Pack 8.6.0 (x32 Version: 8.6.0)
League of Legends (x32 Version: 1.02.0000)
Logitech Gaming Software 8.00 (Version: 8.00.127)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
LOLReplay (x32 Version: 0.8.2.1)
Media converter (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017)
MKVToolNix 5.8.0 (x32 Version: 5.8.0)
Mozilla Firefox 16.0.2 (x86 de) (x32 Version: 16.0.2)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
Notepad++ (x32 Version: 5.9.8)
NVIDIA PhysX (x32 Version: 9.09.0814)
OpenAL (x32)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Opera 12.00 (x32 Version: 12.00.1467)
Origin (x32 Version: 9.1.10.2728)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017)
PDF Architect (x32 Version: 1.0.52.8917)
PDFCreator (x32 Version: 1.6.2)
Project64 1.6 (x32 Version: 1.6)
Realtek Ethernet Controller Driver (x32 Version: 7.36.1224.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6282)
Recuva (Version: 1.46)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0)
Rise and Fall (x32 Version: 1.00.0000)
Samsung Kies (x32 Version: 2.5.3.13052_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
SimCity™ (x32 Version: 1.0.0.0)
Skype™ 6.3 (x32 Version: 6.3.107)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
StarCraft II (x32 Version: 1.4.4.22418)
Stronghold (x32 Version: 1.20.0000)
Stronghold 2 (x32 Version: 1.40.1000)
Stronghold Crusader Extreme (x32 Version: 1.20.0000)
Stronghold Legends (x32 Version: 1.20.0000)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 8 (x32 Version: 8.0.18930)
TERA (x32 Version: 19.04.02.03.hf3)
TreeSize Free V2.7 (x32 Version: 2.7)
Tunngle beta (x32)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2013 (KB2760350) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 64-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817320) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817482) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817489) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817492) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2768011) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2817468) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817469) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2767863) 64-Bit Edition
Update for Microsoft Word 2013 (KB2810086) 64-Bit Edition
VLC media player 2.0.6 (Version: 2.0.6)
Warhammer 40,000™ Dawn of War - Complete Collection (Hi-Res) (x32 Version: 1.0)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
Youtube Downloader HD v. 2.9.5 (x32)
==================== Restore Points =========================
07-08-2013 07:27:23 Windows Update
==================== Hosts content: ==========================
2011-10-14 16:53 - 2012-11-17 12:00 - 00001119 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.die-kreuzzuege.de
127.0.0.1 die-kreuzzuege.de
127.0.0.1 hxxp://www.die-kreuzzuege.de
127.0.0.1 hxxp://speed.die-kreuzzuege.de/
127.0.0.1 hxxp://speed.die-kreuzzuege.de/modules/ranking.php?extern=true
127.0.0.1 hxxp://server2.die-kreuzzuege.de/modules/ranking.php?extern=true
==================== Scheduled Tasks (whitelisted) =============
Task: {13D10D52-EC5C-4D51-A15B-DBD3DF8568D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2C726C09-9372-465B-9DC3-BEE64218BF95} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {35135540-E717-442B-8BAE-7F0A762919EC} - System32\Tasks\InstallShield Software-Aktualisierungsdienst => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17] (InstallShield Software Corporation)
Task: {5C38D200-1D4E-4591-8F1E-2CE3E70D4641} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {5E8EF315-FD36-4730-ADAA-E974E716AC67} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6F64A003-953A-4203-AC0B-F0EB474B6C9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-29] (Google Inc.)
Task: {9AAC3541-515A-4C22-810A-FC910CA2D776} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {B374FDC6-934F-4963-A686-5B3F81E33C7E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BACDE71E-67C5-4462-9C15-7C55DA30D0F3} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {BC9EDFD0-D02B-4188-B882-538A9D77ECFC} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {BD4CF106-08BA-4381-B561-49B8EE10CD7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-29] (Google Inc.)
Task: {BFB1BA28-56D9-4940-9EAA-421B5B11009E} - System32\Tasks\{92607478-0900-4F9D-B691-39CD540A7E0E} => C:\Users\Jesko\Desktop\qc1150.exe No File
Task: {D99D2BE9-1EBE-48FC-B2A0-B02ACEC31B3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/07/2013 09:29:02 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "ASP.NET" (ASP.NET). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/07/2013 09:29:02 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/07/2013 09:29:02 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "ASP.NET" (ASP.NET). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "aspnet_state" (ASP.NET-Zustandsdienst). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (08/07/2013 09:28:47 AM) (Source: Microsoft-Windows-LoadPerf) (User: JD)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "Windows Workflow Foundation 4.0.0.0" (Windows Workflow Foundation 4.0.0.0). Der Fehlercode ist das erste DWORD im Datenbereich.
System errors:
=============
Error: (08/07/2013 09:35:31 AM) (Source: sfsync04) (User: )
Description:
Error: (08/07/2013 09:13:16 AM) (Source: sfsync04) (User: )
Description:
Error: (08/06/2013 11:49:08 PM) (Source: sfsync04) (User: )
Description:
Error: (08/06/2013 11:49:11 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.08.2013 um 23:46:54 unerwartet heruntergefahren.
Error: (08/06/2013 10:47:55 PM) (Source: sfsync04) (User: )
Description:
Error: (08/06/2013 10:48:05 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.08.2013 um 19:23:08 unerwartet heruntergefahren.
Error: (08/06/2013 06:24:08 PM) (Source: sfsync04) (User: )
Description:
Error: (08/06/2013 06:24:11 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 06.08.2013 um 18:20:10 unerwartet heruntergefahren.
Error: (08/06/2013 05:22:10 PM) (Source: sfsync04) (User: )
Description:
Error: (08/06/2013 05:03:44 PM) (Source: sfsync04) (User: )
Description:
Microsoft Office Sessions:
=========================
Error: (08/07/2013 09:29:02 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: ASP.NETASP.NET8F20300004D070000
Error: (08/07/2013 09:29:02 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: Performance1637070000000000000000000009030000
Error: (08/07/2013 09:29:02 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: Performance1637070000000000000000000009030000
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: ASP.NETASP.NET8F20300004D070000
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: Performance1637070000000000000000000009030000
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: Performance1637070000000000000000000009030000
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: aspnet_stateASP.NET-Zustandsdienst8F20300004D070000
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: Performance1637070000000000000000000009030000
Error: (08/07/2013 09:28:59 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: Performance1637070000000000000000000009030000
Error: (08/07/2013 09:28:47 AM) (Source: Microsoft-Windows-LoadPerf)(User: JD)
Description: Windows Workflow Foundation 4.0.0.0Windows Workflow Foundation 4.0.0.08F20300004D070000
CodeIntegrity Errors:
===================================
Date: 2013-07-30 21:17:02.702
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-07-30 21:17:02.671
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-07-11 00:31:36.493
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 00:31:36.493
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 00:31:36.493
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 00:31:36.478
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 00:31:36.478
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 00:31:36.478
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-10 15:20:24.449
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-10 15:20:24.449
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 4079.36 MB
Available physical RAM: 2029.69 MB
Total Pagefile: 8156.9 MB
Available Pagefile: 5600.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.53 GB) (Free:12.69 GB) NTFS (Disk=0 Partition=2)
Drive e: (Volume) (Fixed) (Total:1397.26 GB) (Free:543.28 GB) NTFS (Disk=1 Partition=1)
Drive g: () (Removable) (Total:3.75 GB) (Free:2.84 GB) FAT32 (Disk=2 Partition=1)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 2DD9370A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1397 GB) (Disk ID: FA7CFA7C)
Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0C)
==================== End Of Log ============================
GMER: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-08-07 09:59:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 M4-CT064 rev.0001 59,63GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Jesko\AppData\Local\Temp\pxldypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073e71a22 2 bytes [E7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073e71ad0 2 bytes [E7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073e71b08 2 bytes [E7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073e71bba 2 bytes [E7, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1804] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073e71bda 2 bytes [E7, 73]
.text C:\Users\AppData\Roaming\Spotify\spotify.exe[3308] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000076ee000c 1 byte [C3]
.text C:\Users\AppData\Roaming\Spotify\spotify.exe[3308] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000076f6f85a 5 bytes JMP 0000000176f1d571
.text C:\Users\AppData\Roaming\Spotify\spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076ea1465 2 bytes [EA, 76]
.text C:\Users\AppData\Roaming\Spotify\spotify.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076ea14bb 2 bytes [EA, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3364] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000076ee000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3364] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000076f6f85a 5 bytes JMP 0000000176f1d571
---- Kernel IAT/EAT - GMER 2.1 ----
IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88007136d18] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005703830]<< sfsync04.sys iaStor.sys fffffa8005703830
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005804060] fffffa8005804060
Trace 3 CLASSPNP.SYS[fffff88000ec243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003cfa050] fffffa8003cfa050
Trace \Driver\iaStor[0xfffffa80038a4850] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8005703830 fffffa8005703830
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2872:2888] 0000000074ba7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2872:2892] 0000000072110cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2872:2920] 0000000076f22e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2872:5352] 0000000076f23e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2872:1932] 0000000076f27111
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2872:6004] 0000000076f23e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2872:3532] 0000000076f23e45
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x34 0xFA 0x6F 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x52 0x72 0xE4 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x95 0xB8 0xA2 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x34 0xFA 0x6F 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x52 0x72 0xE4 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x95 0xB8 0xA2 0x76 ...
---- EOF - GMER 2.1 ----
Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.07.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jesko :: JD [Administrator]
Schutz: Deaktiviert
07.08.2013 10:43:18
MBAM-log-2013-08-07 (10-45-26).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 223880
Laufzeit: 1 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSNMSGR.EXE (Security.Hijack) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msnmsgr.exe|Debugger (Security.Hijack) -> Daten: "C:\Program Files (x86)\TuneUpPortable\App\TuneUp\TUAutoReactivator32.exe" -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Thanks a lot in advance!
Best regards