| Sabine74 | 17.10.2013 11:14 |
Windows 8: Virus PUP.Optional.OpenCandy
Hallo liebes Forum,
bei einem routinemäßigem Check mit Malwarebytes kam die Meldung
Infizierte Dateien: 1
C:\Users\Thomas\Downloads\FreeYouTubeDownload.exe (PUP.Optional.OpenCandy)
Ich habe aber danach nichts entfernt ode sonstiges getan mit Malwarebytes.
Log Malwarebytes: Code:
Code:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.10.17.03
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
Thomas :: PC-WOHNZIMMER [Administrator]
17.10.2013 11:36:57
MBAM-log-2013-10-17 (11-42-50).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246189
Laufzeit: 5 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Thomas\Downloads\FreeYouTubeDownload.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
(Ende)
Ich habe aber vorher keine Veränderungen an meinem PC festgestellt.
Nach Eurer Anleitung habe ich jetzt diverse Programme heruntergeladen und die Logs erstellt:
FRST.txt Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Thomas (administrator) on PC-WOHNZIMMER on 17-10-2013 11:48:20
Running from C:\Users\Thomas\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
() C:\Users\Thomas\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [692208 2012-12-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-06] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266448 2013-06-21] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [214448 2013-06-21] (NVIDIA Corporation)
Startup: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKLM - DefaultScope {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL =
SearchScopes: HKCU - {CE8B75EB-17F6-4674-98BD-489442F37A2F} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\w3rjojfn.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\w3rjojfn.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\w3rjojfn.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\w3rjojfn.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\w3rjojfn.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\w3rjojfn.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\w3rjojfn.default\Extensions\toolbar@web.de.xpi
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [624224 2013-10-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [64608 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-17] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-17 11:48 - 2013-10-17 11:48 - 00000000 ____D C:\FRST
2013-10-17 11:47 - 2013-10-17 11:47 - 01954124 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2013-10-17 11:47 - 2013-10-17 11:47 - 00000474 _____ C:\Users\Thomas\Downloads\defogger_disable.log
2013-10-17 11:47 - 2013-10-17 11:47 - 00000000 _____ C:\Users\Thomas\defogger_reenable
2013-10-17 11:46 - 2013-10-17 11:46 - 00050477 _____ C:\Users\Thomas\Downloads\Defogger.exe
2013-10-15 12:58 - 2013-10-15 12:58 - 00002172 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-15 12:58 - 2013-10-15 12:58 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-15 12:58 - 2013-10-15 12:58 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-10-15 12:57 - 2013-10-15 12:57 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-14 21:10 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-10-14 21:10 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-10-14 21:10 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-10-14 21:10 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-10-14 21:10 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-10-14 21:10 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-10-14 21:10 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-10-14 21:10 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-10-14 21:10 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-10-14 21:10 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-10-14 21:10 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-10-14 21:10 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-10-14 21:10 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-10-14 21:10 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-10-14 21:10 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-10-14 21:10 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-10-14 21:10 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-10-14 21:10 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-14 21:10 - 2013-07-31 01:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-10-14 21:10 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-10-14 21:10 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-10-14 21:10 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-10-14 21:10 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-10-11 22:34 - 2013-10-11 22:34 - 00329552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 15:48 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 15:48 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 15:48 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 15:48 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 15:48 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 15:48 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 15:48 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 15:48 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 15:48 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 15:48 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 15:48 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 15:48 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 15:48 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 15:48 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 15:48 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 15:48 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 15:48 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 15:48 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 15:48 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 15:48 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-10 15:48 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-10 15:48 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 15:48 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 15:48 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-10 15:48 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 15:48 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 15:48 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 15:48 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 15:48 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 15:48 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 15:48 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-10 15:48 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 15:48 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 15:47 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 15:47 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 15:47 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 15:47 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 15:47 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 15:47 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-10 15:47 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-10 15:47 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-10 15:47 - 2013-07-02 00:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 15:47 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-10 15:47 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 15:47 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 15:47 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 15:47 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 15:47 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 15:47 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 15:47 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 15:47 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 15:47 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 15:47 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-10 15:47 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 15:47 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 15:47 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 15:47 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-05 13:03 - 2013-10-05 13:03 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-05 13:02 - 2013-10-05 13:03 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-05 13:02 - 2013-10-05 13:03 - 00000000 ____D C:\Program Files\iTunes
2013-10-05 13:02 - 2013-10-05 13:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-05 13:02 - 2013-10-05 13:02 - 00000000 ____D C:\Program Files\iPod
2013-10-04 14:59 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-29 08:10 - 2013-10-01 12:01 - 00005160 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Wohnzimmer-Thomas PC-Wohnzimmer
2013-09-28 13:33 - 2013-09-28 13:33 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft
2013-09-28 13:31 - 2013-09-28 13:32 - 26928152 _____ (DVDVideoSoft Ltd. ) C:\Users\Thomas\Downloads\FreeYouTubeDownload.exe
2013-09-24 14:41 - 2013-09-24 14:41 - 00002057 _____ C:\Users\Public\Desktop\Zahlenbuch 1.lnk
2013-09-24 14:39 - 2013-09-24 14:39 - 00000000 ____D C:\Program Files (x86)\Klett
2013-09-22 08:38 - 2013-09-22 08:38 - 41170445 _____ C:\Users\Thomas\Downloads\Sommerfest 2013.zip
2013-09-20 22:04 - 2013-09-20 22:04 - 00448512 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\TFC.exe
2013-09-20 22:02 - 2013-09-20 22:02 - 00001697 _____ C:\DelFix.txt
2013-09-20 20:59 - 2013-10-16 21:44 - 00003180 _____ C:\Windows\setupact.log
2013-09-20 20:59 - 2013-09-20 20:59 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 22:14 - 2013-09-17 22:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-17 21:30 - 2013-09-17 21:31 - 00000000 ____D C:\Users\Sabine\AppData\Roaming\Apple Computer
2013-09-17 21:30 - 2013-09-17 21:30 - 00002336 _____ C:\Users\Sabine\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-17 13:28 - 2013-09-17 13:28 - 00002336 _____ C:\Users\Thomas\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-17 13:28 - 2013-09-17 13:28 - 00001331 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-09-17 13:28 - 2013-09-17 13:28 - 00001126 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-09-17 13:28 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2013-09-17 13:27 - 2013-10-17 11:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-17 13:27 - 2013-10-02 17:37 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-09-17 13:27 - 2013-09-17 13:27 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-09-17 13:27 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-09-17 12:20 - 2013-09-17 12:23 - 263426824 _____ C:\Users\Thomas\Downloads\kis14.0.0.4651de-de.exe
==================== One Month Modified Files and Folders =======
2013-10-17 11:48 - 2013-10-17 11:48 - 00000000 ____D C:\FRST
2013-10-17 11:47 - 2013-10-17 11:47 - 01954124 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2013-10-17 11:47 - 2013-10-17 11:47 - 00000474 _____ C:\Users\Thomas\Downloads\defogger_disable.log
2013-10-17 11:47 - 2013-10-17 11:47 - 00000000 _____ C:\Users\Thomas\defogger_reenable
2013-10-17 11:47 - 2013-04-13 20:00 - 00000000 ____D C:\Users\Thomas
2013-10-17 11:46 - 2013-10-17 11:46 - 00050477 _____ C:\Users\Thomas\Downloads\Defogger.exe
2013-10-17 11:41 - 2013-04-13 20:08 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1023412029-2558512523-2891409035-1004
2013-10-17 11:41 - 2013-04-03 04:52 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-10-17 11:39 - 2012-07-26 12:27 - 00754172 _____ C:\Windows\system32\perfh007.dat
2013-10-17 11:39 - 2012-07-26 12:27 - 00156362 _____ C:\Windows\system32\perfc007.dat
2013-10-17 11:39 - 2012-07-26 09:28 - 01748838 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-17 11:36 - 2013-09-17 13:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-17 11:35 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-10-16 21:45 - 2013-04-26 20:58 - 00000000 ____D C:\Users\Thomas\AppData\Local\Windows Live
2013-10-16 21:44 - 2013-09-20 20:59 - 00003180 _____ C:\Windows\setupact.log
2013-10-16 21:26 - 2013-04-13 22:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-16 18:38 - 2013-04-03 04:14 - 02026538 _____ C:\Windows\WindowsUpdate.log
2013-10-16 08:09 - 2013-04-13 20:03 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-16 08:09 - 2013-04-13 20:03 - 00000000 ___RD C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-16 08:02 - 2013-09-01 12:30 - 00013756 _____ C:\Windows\PFRO.log
2013-10-16 08:02 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-16 08:02 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-10-16 08:01 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-10-15 13:00 - 2013-04-13 22:29 - 00000000 ____D C:\ProgramData\Adobe
2013-10-15 12:59 - 2013-04-15 21:03 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2013-10-15 12:59 - 2013-04-13 20:01 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Adobe
2013-10-15 12:58 - 2013-10-15 12:58 - 00002172 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-15 12:58 - 2013-10-15 12:58 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-10-15 12:58 - 2013-10-15 12:58 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-10-15 12:58 - 2013-04-03 04:50 - 00000000 ____D C:\ProgramData\McAfee
2013-10-15 12:57 - 2013-10-15 12:57 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-10-15 12:57 - 2013-04-15 11:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-15 10:03 - 2013-04-17 08:36 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-15 09:54 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-10-11 22:34 - 2013-10-11 22:34 - 00329552 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 10:16 - 2013-09-09 20:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-10 16:17 - 2013-09-02 19:09 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 16:15 - 2013-04-17 10:16 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 12:26 - 2013-04-13 22:30 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 12:51 - 2013-04-16 20:01 - 00000000 ____D C:\Users\Thomas\Documents\EB Kinderkrippe
2013-10-05 13:03 - 2013-10-05 13:03 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-05 13:03 - 2013-10-05 13:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-05 13:03 - 2013-10-05 13:02 - 00000000 ____D C:\Program Files\iTunes
2013-10-05 13:03 - 2013-10-05 13:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-05 13:02 - 2013-10-05 13:02 - 00000000 ____D C:\Program Files\iPod
2013-10-04 17:04 - 2013-05-07 10:59 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-10-02 17:37 - 2013-09-17 13:27 - 00624224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-10-02 17:37 - 2013-06-10 12:27 - 00030304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2013-10-02 17:37 - 2013-05-06 09:22 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-10-02 17:37 - 2013-05-05 22:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2013-10-02 17:37 - 2013-05-05 22:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2013-10-02 03:38 - 2013-09-15 20:49 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2013-09-15 20:49 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 12:01 - 2013-09-29 08:10 - 00005160 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Wohnzimmer-Thomas PC-Wohnzimmer
2013-09-29 08:12 - 2013-04-17 08:40 - 00002293 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2013-09-28 13:33 - 2013-09-28 13:33 - 00000000 ___RD C:\Users\Public\Desktop\DVDVideoSoft
2013-09-28 13:33 - 2013-04-26 14:35 - 00001442 _____ C:\Users\Public\Desktop\Free YouTube Download.lnk
2013-09-28 13:33 - 2013-04-26 14:35 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
2013-09-28 13:33 - 2013-04-26 14:35 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-09-28 13:32 - 2013-09-28 13:31 - 26928152 _____ (DVDVideoSoft Ltd. ) C:\Users\Thomas\Downloads\FreeYouTubeDownload.exe
2013-09-25 12:24 - 2013-09-09 20:25 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-25 12:24 - 2013-09-09 20:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-24 14:41 - 2013-09-24 14:41 - 00002057 _____ C:\Users\Public\Desktop\Zahlenbuch 1.lnk
2013-09-24 14:39 - 2013-09-24 14:39 - 00000000 ____D C:\Program Files (x86)\Klett
2013-09-23 01:28 - 2013-10-10 15:48 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-10 15:48 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-10 15:48 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-10 15:48 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-10 15:48 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-10 15:48 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-10 15:48 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-10 15:48 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 00:55 - 2013-10-10 15:48 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-10 15:48 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-10 15:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-10 15:48 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-10 15:48 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-10 15:48 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-10 15:48 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-10 15:48 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-10 15:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 08:38 - 2013-09-22 08:38 - 41170445 _____ C:\Users\Thomas\Downloads\Sommerfest 2013.zip
2013-09-20 22:04 - 2013-09-20 22:04 - 00448512 _____ (OldTimer Tools) C:\Users\Thomas\Downloads\TFC.exe
2013-09-20 22:02 - 2013-09-20 22:02 - 00001697 _____ C:\DelFix.txt
2013-09-20 22:02 - 2013-09-02 22:17 - 00000000 ____D C:\Windows\ERUNT
2013-09-20 20:59 - 2013-09-20 20:59 - 00000000 _____ C:\Windows\setuperr.log
2013-09-20 20:58 - 2013-05-30 21:51 - 00602624 ___SH C:\Users\Thomas\Downloads\Thumbs.db
2013-09-18 13:00 - 2013-04-13 19:54 - 00000000 ____D C:\Users\Sabine
2013-09-17 22:26 - 2013-04-13 20:00 - 00000000 ____D C:\Users\Thomas\AppData\Local\Packages
2013-09-17 22:15 - 2013-09-02 19:28 - 00001115 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-17 22:15 - 2013-09-02 19:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 22:14 - 2013-09-17 22:14 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thomas\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-17 21:41 - 2013-04-18 14:01 - 00000000 ____D C:\Users\Sabine\AppData\Local\VirtualStore
2013-09-17 21:31 - 2013-09-17 21:30 - 00000000 ____D C:\Users\Sabine\AppData\Roaming\Apple Computer
2013-09-17 21:30 - 2013-09-17 21:30 - 00002336 _____ C:\Users\Sabine\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-17 21:30 - 2013-04-18 14:01 - 00000000 ___RD C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-17 21:30 - 2013-04-18 14:01 - 00000000 ___RD C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-17 21:30 - 2013-04-18 14:01 - 00000000 ____D C:\Users\Sabine\AppData\Local\Packages
2013-09-17 20:30 - 2013-05-22 13:10 - 00000000 ____D C:\Program Files\My Dell
2013-09-17 20:30 - 2013-04-03 04:43 - 00000000 ____D C:\ProgramData\PCDr
2013-09-17 13:28 - 2013-09-17 13:28 - 00002336 _____ C:\Users\Thomas\Desktop\Sicherer Zahlungsverkehr.lnk
2013-09-17 13:28 - 2013-09-17 13:28 - 00001331 _____ C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-09-17 13:28 - 2013-09-17 13:28 - 00001126 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-09-17 13:28 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-09-17 13:27 - 2013-09-17 13:27 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-09-17 13:27 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-09-17 12:23 - 2013-09-17 12:20 - 263426824 _____ C:\Users\Thomas\Downloads\kis14.0.0.4651de-de.exe
2013-09-17 11:44 - 2013-09-16 14:10 - 00000000 ____D C:\Users\Thomas\AppData\Local\Canon Easy-PhotoPrint EX
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-10 12:43
==================== End Of Log ============================
Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Thomas at 2013-10-17 11:48:52
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 3.8.0.1430)
Adobe Community Help (x32 Version: 3.5.23)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 10 (x32 Version: 10.0)
Adobe Premiere Elements 10 (Version: 10.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32 Version: 3.1.1)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MG5300 series Benutzerregistrierung (x32)
Canon MG5300 series MP Drivers
Canon MG5300 series On-screen Manual (x32)
Canon MP Navigator EX 5.0 (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
CCleaner (Version: 4.05)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415)
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417)
CyberLink Media Suite Essentials (x32 Version: 10.0)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413)
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell Backup and Recovery - Support Software (x32 Version: 1.5.0.0)
Dell Backup and Recovery (x32 Version: 1.5.0.0)
Dell Touchpad (Version: 8.1200.101.217)
Elements 10 Organizer (x32 Version: 10.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
Free YouTube Download version 3.2.13.925 (x32 Version: 3.2.13.925)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.5.4.0423)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.6.1209.0268)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel(R) WiDi (Version: 3.5.40.0)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.6000.1620)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.1.11)
Kaspersky Internet Security (x32 Version: 14.0.0.4651)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.285.6)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Home and Student 2013 - de-de (Version: 15.0.4535.1511)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Müller Foto (x32 Version: 5.0.1)
My Dell (Version: 3.4.6308.28)
MyFreeCodec (HKCU)
MyTomTom 3.2.0.906 (x32 Version: 3.2.0.906)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Grafiktreiber 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA Optimus 4.11.9 (Version: 4.11.9)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604)
NVIDIA Systemsteuerung 320.49 (Version: 320.49)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4535.1511)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1511)
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4535.1511)
Photo Gallery (x32 Version: 16.4.3505.0912)
PRE10STI64Installer (x32 Version: 1.0)
PSE10 STI Installer (x32 Version: 10.0)
Quickset64 (Version: 11.1.37)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
Samsung Kies (x32 Version: 2.5.3.13052_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011)
Shared C Run-time for x64 (Version: 10.0.0)
SmartSound Common Data (x32 Version: 1.1.0)
SmartSound Premiere Elements 10 x64 Plugin (Version: 5.70.0001)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (Version: 2.6.2.0)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Zahlenbuch 1 (x32)
==================== Restore Points =========================
24-09-2013 19:28:30 Windows Update
04-10-2013 14:25:03 Windows Update
10-10-2013 14:13:33 Windows Update
15-10-2013 08:05:25 Windows Update
==================== Hosts content: ==========================
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1220E939-99F9-43ED-B0C0-5FDED51ECC9E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {18317699-33F7-485A-8668-F822ECF4E4E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2F48A043-F0F8-4AB1-9199-99D7987A4B83} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {3AADC153-47C1-430D-AA20-FECAC8086674} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {65486AFD-909D-4B4C-BC56-8468709407B4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {6EF000A9-5DE6-4691-AAD2-13EDF60D011F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {AFAEE413-E979-45D4-95E7-C47B11D752BD} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {C7AF4EE0-2958-41F0-9520-A601A644EFEC} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {C85AFA53-D3B4-4277-8CD8-6C610768AE55} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {D64E44A8-7039-4F4F-87AD-DD8A4B9C285F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {F011C1CC-C7C6-487D-9D1E-DB52C3040B22} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Wohnzimmer-Thomas PC-Wohnzimmer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2013-10-11] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-04-03 13:27 - 2013-01-03 00:55 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-04-03 13:30 - 2012-10-26 20:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-30 13:15 - 2012-05-30 13:15 - 00404008 _____ () C:\Program Files\Intel\TurboBoost\de\SignalIslandUi.resources.dll
2013-04-03 13:31 - 2013-01-11 15:45 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-07-06 18:09 - 2013-04-20 00:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-04-03 04:48 - 2012-04-25 04:43 - 00037352 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2013-09-06 14:16 - 2013-09-06 14:16 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\26def6ab53d268e53635f2a61a1b2ed3\PSIClient.ni.dll
2013-04-03 04:37 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-03 13:31 - 2013-01-11 15:45 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-11 10:12 - 2013-10-11 12:51 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-10-11 10:12 - 2013-10-11 12:51 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-04-03 04:46 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-09 20:24 - 2013-09-11 04:26 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-07-06 18:09 - 2013-05-03 01:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/16/2013 10:10:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8172
Error: (10/16/2013 10:10:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8172
Error: (10/16/2013 10:10:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
System errors:
=============
Error: (10/17/2013 11:40:44 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/17/2013 11:40:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/17/2013 11:39:44 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/17/2013 11:39:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/17/2013 11:38:44 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/17/2013 11:38:14 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/17/2013 11:36:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/15/2013 10:16:37 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/14/2013 11:20:55 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.
Error: (10/13/2013 09:45:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (10/16/2013 10:10:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8172
Error: (10/16/2013 10:10:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8172
Error: (10/16/2013 10:10:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
Error: (10/16/2013 09:11:08 PM) (Source: Bonjour Service)(User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
GMER: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-17 12:00:09
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a WDC_WD10JPVT-75A1YT0 rev.01.01A01 931,51GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\Thomas\AppData\Local\Temp\awdcypow.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Ich hoffe, Ihr könnt mir helfen!
Viele Grüße, Sabine | 