Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus "versteckt" Ordner und Dateien auf USB-Stick! (https://www.trojaner-board.de/144270-virus-versteckt-ordner-dateien-usb-stick.html)

maxt 09.11.2013 11:40
Virus "versteckt" Ordner und Dateien auf USB-Stick!
 
Hallo allerseits!

Habe mir über den PC eines Lehrers leider einen Virus auf meinem USB-Stick eingefangen. Und jetzt hab ich das Problem dass meine Dateien auf dem USB-Stick nicht mehr angezeigt werden, nur noch ein versteckter, leerer Ordner namens "RECYCLER". Versteckte Ordner hab ich natürlich eingeblendet.
Warum ich glaube dass da noch Daten drauf sind? Weil erstens 4GB belegt sind und wenn ich einen Kaspersky-Scan drüberlaufen lass, sehe ich ja wie er die einzelnen Dateien abscannt, also Kaspersky "sieht" sie jedenfalls noch!

Vielleicht sollte ich noch dazu sagen dass ich mir bereits ein paar Tage davor einen Virus eingefangen habe, welcher die Ordner in Verknüpfungen umwandelte und eine .exe-Datei darin erstellte. Doch diesen konnte ich mittels Kaspersky entfernen (glaub ich jedenfalls).

Hoffe ihr könnt mir helfen,
vielen Dank, maxt

schrauber 09.11.2013 13:03
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


maxt 09.11.2013 15:52
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Max at 2013-11-09 15:44:03
Running from C:\Users\Max\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
A1 Servicecenter (x32 Version: 1.3.0.37)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Amnesia: The Dark Descent Demo  (x32)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ASUS Xonar DX Audio Driver
AviSynth 2.5 (x32)
Bonjour (Version: 3.0.0.10)
Call of Duty: Modern Warfare 3 - Multiplayer (x32)
CCleaner (Version: 4.02)
Cisco Networking Academy curriculum 4.0.0.2 (x32)
Contract Jack (MultiDemo) (x32)
Counter-Strike: Global Offensive (x32)
CPUID HWMonitor 1.23
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Dead Island (x32)
Dropbox (HKCU Version: 2.0.26)
easyFly 4 Starter Edition (HKCU Version: 4.0.1.3)
Freemake Video Converter Version 4.0.2 (x32 Version: 4.0.2)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
HappyFoto-Designer 4.5 (x32)
IrfanView (remove only) (x32 Version: 4.36)
iTunes (Version: 11.1.0.126)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JDownloader 0.9 (x32 Version: 0.9)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558)
LIMBO Demo (x32)
Logitech Gaming Software 8.40 (Version: 8.40.83)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
Need for Speed Most Wanted (x32)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenAL (x32)
QuickTime (x32 Version: 7.74.80.86)
Recuva (Version: 1.45)
Safari (x32 Version: 5.34.57.2)
Spybot - Search & Destroy (x32 Version: 2.0.12)
Steam (x32 Version: 1.0.0.0)
TmNationsForever (x32)
Tomb Raider (x32)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points  =========================

05-11-2013 15:39:38 Windows Update
05-11-2013 17:22:23 Installed Java 7 Update 45

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {159B9055-462E-47D7-B85C-D99224A3A7A0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {34A16575-9DC7-449F-9710-CB41FDDDE34E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {4947C4D5-E87B-4B95-BFC9-566CEC82F234} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {561127B7-7E79-4942-9B50-BD267F9B05CD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2013-07-27] ()
Task: {A97DA962-3336-4776-B728-3945A6779185} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20] (Google Inc.)
Task: {ADA8BF6F-EA19-43A6-BB1E-1EF449095E5A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D3A9D199-3A43-48AB-89A9-F9D974CD34E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20] (Google Inc.)
Task: {D5538FC2-AEC6-4BEB-A6F3-DCE812326690} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-05] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2013-03-13 22:17 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-03-13 22:17 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-03-13 22:17 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-03-13 22:17 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-03-13 22:17 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-01-09 18:27 - 2011-04-19 14:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DX Audio\Customapp\VmixP8.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Max\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:17 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-11-07 17:34 - 2013-11-07 17:34 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2013 02:50:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: A1Diagnose.exe, Version: 4.5.0.222, Zeitstempel: 0x51c48651
Name des fehlerhaften Moduls: A1Diagnose.exe, Version: 4.5.0.222, Zeitstempel: 0x51c48651
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00088763
ID des fehlerhaften Prozesses: 0xdb4
Startzeit der fehlerhaften Anwendung: 0xA1Diagnose.exe0
Pfad der fehlerhaften Anwendung: A1Diagnose.exe1
Pfad des fehlerhaften Moduls: A1Diagnose.exe2
Berichtskennung: A1Diagnose.exe3

Error: (11/09/2013 11:57:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14056

Error: (11/09/2013 11:57:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14056

Error: (11/09/2013 11:57:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 11:57:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042

Error: (11/09/2013 11:57:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042

Error: (11/09/2013 11:57:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 11:57:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12043

Error: (11/09/2013 11:57:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12043

Error: (11/09/2013 11:57:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/09/2013 02:49:40 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (11/09/2013 08:43:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (11/09/2013 08:43:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/07/2013 03:43:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (11/07/2013 03:43:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/07/2013 03:40:10 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎06.‎11.‎2013 um 01:30:08 unerwartet heruntergefahren.

Error: (11/05/2013 09:23:46 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (11/05/2013 09:23:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (11/05/2013 09:23:45 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (11/05/2013 09:23:44 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/09/2013 02:50:09 PM) (Source: Application Error)(User: )
Description: A1Diagnose.exe4.5.0.22251c48651A1Diagnose.exe4.5.0.22251c48651c000000500088763db401cedd1f1e70f130C:\Program Files (x86)\A1 Servicecenter\A1 Diagnose\A1Diagnose.exeC:\Program Files (x86)\A1 Servicecenter\A1 Diagnose\A1Diagnose.exed859ed30-4945-11e3-a08d-bcaec51b7e2b

Error: (11/09/2013 11:57:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14056

Error: (11/09/2013 11:57:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14056

Error: (11/09/2013 11:57:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 11:57:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042

Error: (11/09/2013 11:57:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042

Error: (11/09/2013 11:57:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 11:57:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12043

Error: (11/09/2013 11:57:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12043

Error: (11/09/2013 11:57:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-11-07 16:26:15.909
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-07 16:26:15.908
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-07 16:26:15.906
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-07 16:26:15.893
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-07 16:26:15.892
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-07 16:26:15.891
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 00:56:05.855
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 00:56:05.854
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 00:56:05.852
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-06 00:56:05.834
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 8191.18 MB
Available physical RAM: 6523.77 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 13673.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:32.22 GB) NTFS
Drive d: (Downloads) (Fixed) (Total:500 GB) (Free:132.68 GB) NTFS
Drive e: (Max) (Fixed) (Total:701.94 GB) (Free:270.95 GB) NTFS
Drive g: (UNDEFINED) (CDROM) (Total:6.35 GB) (Free:0 GB) UDF
Drive h: (TEUFEL) (Removable) (Total:7.47 GB) (Free:3.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 2E24A734)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-908443922432) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


FRST.txt

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Max (administrator) on MAX-PC on 09-11-2013 15:42:39
Running from C:\Users\Max\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
MountPoints2: {6ee56166-61b7-11e2-b2f3-bcaec51b7e2b} - G:\Setup.exe
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-03] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [A1Diagnose] - C:\Program Files (x86)\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe [19959848 2013-06-24] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=F468BCAEC51B7E2B&affID=119357&tsp=4995
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0414435ED74CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
SearchScopes: HKCU - DefaultScope {5A7CFAC5-7B69-4E65-851B-BAE4929A2960} URL = hxxp://search.softonic.com/MOY00358/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=f4689164000000000000bcaec51b7e2b&r=64
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_Btisdt7&mntrId=F468BCAEC51B7E2B&affID=119357&tsp=4995
SearchScopes: HKCU - {5A7CFAC5-7B69-4E65-851B-BAE4929A2960} URL = hxxp://search.softonic.com/MOY00358/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=f4689164000000000000bcaec51b7e2b&r=64
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default
FF user.js: detected! => C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\user.js
FF Homepage: hxxp://www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

Chrome:
=======
CHR HomePage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=F468BCAEC51B7E2B&affID=119357&tsp=4995
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0
CHR Extension: (Safe Money) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0
CHR Extension: (Content Blocker) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0
CHR Extension: (Virtual Keyboard) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0
CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-03] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-22] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-03] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-03] (Kaspersky Lab ZAO)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-03] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-09 15:42 - 2013-11-09 15:42 - 00000000 ____D C:\FRST
2013-11-09 15:41 - 2013-11-09 15:41 - 01957098 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2013-11-09 11:02 - 2013-11-09 11:02 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Max\Downloads\unhide.exe
2013-11-07 17:34 - 2013-11-07 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 15:40 - 2013-11-09 08:40 - 00000112 _____ C:\Windows\setupact.log
2013-11-05 20:05 - 2013-11-05 20:05 - 29732385 _____ C:\Users\Max\Downloads\MAGIX Produkte mit dem Keygen von DiGiTAL INSANiTY aktivieren.mp4
2013-11-05 20:04 - 2013-11-05 20:06 - 05965689 _____ C:\Users\Max\Downloads\mgxapkg11-di.rar
2013-11-05 18:42 - 2013-11-05 18:42 - 00000000 ____D C:\Users\Max\AppData\Local\a1.net
2013-11-05 18:42 - 2013-09-08 13:35 - 00073184 ____N (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\SysWOW64\SSDPDiscovery.dll
2013-11-05 18:42 - 2008-02-03 16:00 - 00648656 ____N (/n software inc. - www.nsoftware.com) C:\Windows\SysWOW64\ipworks6.dll
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Roaming\mquadr.at
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Local\a1ta
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\ProgramData\m2backup
2013-11-05 18:37 - 2013-11-09 15:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 18:37 - 2013-11-05 19:25 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-05 18:37 - 2013-11-05 18:44 - 00000000 ____D C:\Users\Max\AppData\Roaming\A1 Servicecenter
2013-11-05 18:37 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Local\mquadr.at
2013-11-05 18:37 - 2013-11-05 18:38 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-05 18:37 - 2013-11-05 18:37 - 00001327 _____ C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00001303 _____ C:\Users\Public\Desktop\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 __HDC C:\ProgramData\{30B7C7A9-BE61-40B4-874B-7A3632052459}
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 ____D C:\Program Files (x86)\A1 Servicecenter
2013-11-05 18:37 - 2013-06-24 09:01 - 03747896 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-11-05 18:37 - 2013-06-24 09:01 - 03489368 ____N (mquadr.at software engineering & consulting GmbH) C:\Windows\SysWOW64\m2network64helper.exe
2013-11-05 18:37 - 2013-06-24 09:01 - 00961624 ____N (mquadr.at software engineering) C:\Windows\SysWOW64\M2ElevatedNetworkAdapters.dll
2013-11-05 18:37 - 2012-12-03 14:58 - 00279040 ____N (Nicomsoft Ltd.) C:\Windows\system32\WiFiMan.dll
2013-11-05 18:37 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-11-05 18:33 - 2013-11-05 18:35 - 112826336 _____ (A1 Telekom Austria AG                                                                                                                                                                                                                                                                                      ) C:\Users\Max\Downloads\Setup_A1Servicecenter.exe
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Sun
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 18:22 - 2013-11-05 18:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 18:22 - 2013-11-05 18:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-05 18:20 - 2013-11-05 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\Max\Downloads\jxpiinstall.exe
2013-11-03 23:31 - 2013-11-03 23:31 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2013-11-03 23:30 - 2013-11-03 23:30 - 00000000 ____D C:\ProgramData\Wondershare
2013-11-03 23:27 - 2013-11-03 23:27 - 40697064 _____ (Wondershare Software Co.,Ltd.                              ) C:\Users\Max\Downloads\drfone_full1284.exe
2013-11-03 23:18 - 2013-11-03 23:34 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-11-03 23:18 - 2013-11-03 23:18 - 00000000 ____D C:\Users\Max\AppData\Local\Wondershare
2013-11-03 23:11 - 2013-11-03 23:17 - 00000000 ____D C:\Users\Max\AppData\Roaming\GetRightToGo
2013-11-03 23:09 - 2013-11-03 23:09 - 00000000 ____D C:\Users\Max\AppData\Local\IsolatedStorage
2013-11-03 23:04 - 2013-11-03 23:04 - 04588568 _____ (Marx Software                                              ) C:\Users\Max\Downloads\IDM322Setup.exe
2013-11-03 23:02 - 2013-11-03 23:02 - 00368304 _____ (RegNow.com) C:\Users\Max\Downloads\Download_drfone_iphone4_full1130.exe
2013-11-03 21:32 - 2013-11-03 21:32 - 00000504 _____ C:\Users\Max\Documents\spLog.log
2013-11-03 21:04 - 2013-11-03 21:04 - 00002220 _____ C:\Users\Max\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-03 21:02 - 2013-11-03 21:02 - 00001078 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-11-03 21:02 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-11-03 21:01 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-11-03 21:01 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-11-03 21:00 - 2013-11-09 15:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-03 21:00 - 2013-11-03 21:15 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-03 21:00 - 2013-11-03 21:15 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Windows\ELAMBKUP
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-03 20:28 - 2013-11-03 20:30 - 188740896 _____ (Kaspersky Lab) C:\Users\Max\Downloads\pure13.0.2.558DE_4340(1).exe
2013-11-03 20:27 - 2013-11-03 20:27 - 00614816 _____ C:\Users\Max\Downloads\SuperAntiSpyware - CHIP-Downloader.exe
2013-11-01 23:53 - 2013-11-01 23:53 - 00000000 ____D C:\Users\Max\AppData\Local\SKIDROW
2013-11-01 20:48 - 2013-11-01 20:48 - 00008938 _____ C:\Users\Max\Desktop\coke.xlsx
2013-10-23 19:34 - 2013-11-09 08:41 - 00007264 _____ C:\Windows\AutoKMS.log
2013-10-23 19:32 - 2013-10-23 19:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-21 15:58 - 2013-10-21 16:02 - 00000000 ____D C:\Users\Max\Downloads\8797909
2013-10-21 15:58 - 2013-10-21 15:58 - 00623838 _____ C:\Users\Max\Downloads\8797909.zip
2013-10-21 12:53 - 2013-10-21 13:05 - 00000000 ____D C:\Users\Max\Desktop\Mostviertler_Inno
2013-10-21 12:53 - 2013-10-21 12:53 - 00000000 ____D C:\Users\Max\Desktop\Jugend_inno
2013-10-16 12:33 - 2013-10-16 12:33 - 00000000 __SHD C:\found.001
2013-10-10 14:51 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 14:51 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 14:51 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 14:51 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 14:51 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 14:51 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 14:51 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 14:51 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 14:51 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 14:51 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 14:51 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 14:51 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 14:20 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:20 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 14:20 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:20 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:20 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:20 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 14:20 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 14:20 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:20 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:20 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:20 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 14:20 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 14:20 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 14:20 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:20 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 14:20 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 14:20 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 14:20 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:20 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 14:20 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 14:20 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-10 14:20 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-10 14:20 - 2012-11-28 23:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

==================== One Month Modified Files and Folders =======

2013-11-09 15:42 - 2013-11-09 15:42 - 00000000 ____D C:\FRST
2013-11-09 15:41 - 2013-11-09 15:41 - 01957098 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2013-11-09 15:27 - 2013-03-20 11:27 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-09 15:25 - 2013-11-05 18:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-09 15:23 - 2013-07-25 09:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Dropbox
2013-11-09 15:07 - 2013-11-03 21:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-09 14:50 - 2013-01-06 19:17 - 01493051 _____ C:\Windows\WindowsUpdate.log
2013-11-09 11:02 - 2013-11-09 11:02 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Max\Downloads\unhide.exe
2013-11-09 11:00 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-11-09 11:00 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-11-09 11:00 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-09 09:09 - 2013-03-09 16:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-09 09:09 - 2013-01-07 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-09 08:58 - 2013-07-25 10:19 - 00000000 ___RD C:\Users\Max\Dropbox
2013-11-09 08:48 - 2009-07-14 05:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 08:48 - 2009-07-14 05:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-09 08:41 - 2013-10-23 19:34 - 00007264 _____ C:\Windows\AutoKMS.log
2013-11-09 08:41 - 2013-07-27 12:04 - 00000196 _____ C:\Windows\Tasks\AutoKMS.job
2013-11-09 08:41 - 2013-03-20 11:27 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 08:40 - 2013-11-07 15:40 - 00000112 _____ C:\Windows\setupact.log
2013-11-09 08:40 - 2013-01-06 20:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-09 08:40 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-07 17:34 - 2013-11-07 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 20:06 - 2013-11-05 20:04 - 05965689 _____ C:\Users\Max\Downloads\mgxapkg11-di.rar
2013-11-05 20:05 - 2013-11-05 20:05 - 29732385 _____ C:\Users\Max\Downloads\MAGIX Produkte mit dem Keygen von DiGiTAL INSANiTY aktivieren.mp4
2013-11-05 19:25 - 2013-11-05 18:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-05 19:25 - 2013-01-07 22:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 19:25 - 2013-01-07 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 18:44 - 2013-11-05 18:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\A1 Servicecenter
2013-11-05 18:42 - 2013-11-05 18:42 - 00000000 ____D C:\Users\Max\AppData\Local\a1.net
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Roaming\mquadr.at
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Local\a1ta
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\ProgramData\m2backup
2013-11-05 18:38 - 2013-11-05 18:37 - 00000000 ____D C:\Users\Max\AppData\Local\mquadr.at
2013-11-05 18:38 - 2013-11-05 18:37 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-05 18:37 - 2013-11-05 18:37 - 00001327 _____ C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00001303 _____ C:\Users\Public\Desktop\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 __HDC C:\ProgramData\{30B7C7A9-BE61-40B4-874B-7A3632052459}
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 ____D C:\Program Files (x86)\A1 Servicecenter
2013-11-05 18:35 - 2013-11-05 18:33 - 112826336 _____ (A1 Telekom Austria AG                                                                                                                                                                                                                                                                                      ) C:\Users\Max\Downloads\Setup_A1Servicecenter.exe
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Sun
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 18:22 - 2013-11-05 18:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 18:22 - 2013-11-05 18:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-05 18:20 - 2013-11-05 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\Max\Downloads\jxpiinstall.exe
2013-11-04 17:25 - 2013-09-19 13:25 - 00001580 _____ C:\Users\Max\Documents\TombRaider.log
2013-11-04 15:03 - 2013-06-09 17:47 - 00000000 ____D C:\Users\Max\Desktop\verkaufen
2013-11-03 23:34 - 2013-11-03 23:18 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-11-03 23:33 - 2013-03-20 11:29 - 00000000 ____D C:\Program Files\Recuva
2013-11-03 23:31 - 2013-11-03 23:31 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2013-11-03 23:30 - 2013-11-03 23:30 - 00000000 ____D C:\ProgramData\Wondershare
2013-11-03 23:27 - 2013-11-03 23:27 - 40697064 _____ (Wondershare Software Co.,Ltd.                              ) C:\Users\Max\Downloads\drfone_full1284.exe
2013-11-03 23:18 - 2013-11-03 23:18 - 00000000 ____D C:\Users\Max\AppData\Local\Wondershare
2013-11-03 23:17 - 2013-11-03 23:11 - 00000000 ____D C:\Users\Max\AppData\Roaming\GetRightToGo
2013-11-03 23:09 - 2013-11-03 23:09 - 00000000 ____D C:\Users\Max\AppData\Local\IsolatedStorage
2013-11-03 23:08 - 2013-06-28 16:32 - 00000000 ____D C:\Users\Max\AppData\Roaming\Software4u
2013-11-03 23:04 - 2013-11-03 23:04 - 04588568 _____ (Marx Software                                              ) C:\Users\Max\Downloads\IDM322Setup.exe
2013-11-03 23:02 - 2013-11-03 23:02 - 00368304 _____ (RegNow.com) C:\Users\Max\Downloads\Download_drfone_iphone4_full1130.exe
2013-11-03 21:32 - 2013-11-03 21:32 - 00000504 _____ C:\Users\Max\Documents\spLog.log
2013-11-03 21:15 - 2013-11-03 21:00 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-03 21:15 - 2013-11-03 21:00 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-11-03 21:15 - 2012-10-18 14:50 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-11-03 21:15 - 2012-09-03 18:23 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2013-11-03 21:15 - 2012-09-03 17:57 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2013-11-03 21:15 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-11-03 21:15 - 2012-06-19 17:28 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-11-03 21:04 - 2013-11-03 21:04 - 00002220 _____ C:\Users\Max\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-03 21:02 - 2013-11-03 21:02 - 00001078 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Windows\ELAMBKUP
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-03 20:30 - 2013-11-03 20:28 - 188740896 _____ (Kaspersky Lab) C:\Users\Max\Downloads\pure13.0.2.558DE_4340(1).exe
2013-11-03 20:27 - 2013-11-03 20:27 - 00614816 _____ C:\Users\Max\Downloads\SuperAntiSpyware - CHIP-Downloader.exe
2013-11-01 23:53 - 2013-11-01 23:53 - 00000000 ____D C:\Users\Max\AppData\Local\SKIDROW
2013-11-01 20:48 - 2013-11-01 20:48 - 00008938 _____ C:\Users\Max\Desktop\coke.xlsx
2013-10-23 19:32 - 2013-10-23 19:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-23 17:46 - 2013-01-18 22:46 - 00000000 ____D C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
2013-10-23 17:46 - 2013-01-06 19:13 - 00000000 ____D C:\Windows\Panther
2013-10-21 20:27 - 2013-07-23 20:25 - 00000000 ____D C:\Users\Max\AppData\Roaming\vlc
2013-10-21 20:24 - 2013-09-22 21:34 - 00000000 ____D C:\Users\Max\AppData\Roaming\dvdcss
2013-10-21 16:02 - 2013-10-21 15:58 - 00000000 ____D C:\Users\Max\Downloads\8797909
2013-10-21 15:58 - 2013-10-21 15:58 - 00623838 _____ C:\Users\Max\Downloads\8797909.zip
2013-10-21 13:52 - 2013-09-10 20:26 - 00209920 _____ C:\Users\Max\Desktop\Aktienhandel.xlsx
2013-10-21 13:05 - 2013-10-21 12:53 - 00000000 ____D C:\Users\Max\Desktop\Mostviertler_Inno
2013-10-21 12:53 - 2013-10-21 12:53 - 00000000 ____D C:\Users\Max\Desktop\Jugend_inno
2013-10-20 00:34 - 2013-03-24 22:26 - 00000000 ____D C:\Users\Max\Documents\TmForever
2013-10-18 16:29 - 2013-03-20 11:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 12:33 - 2013-10-16 12:33 - 00000000 __SHD C:\found.001
2013-10-13 15:22 - 2013-03-20 11:27 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 15:22 - 2013-03-20 11:27 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 15:51 - 2009-07-14 05:45 - 00415736 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 14:51 - 2013-06-28 21:35 - 01590298 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-04 17:03

==================== End Of Log ============================
--- --- ---

--- --- ---



MfG, maxt

schrauber 10.11.2013 07:10
Stick anklemmen, nicht mehr abklemmen.


Panda USB Vaccine - Download - Filepony
Laden und laufen lassen.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

maxt 11.11.2013 21:02
Danke für deine Antwort!

Das mit Panda USB Vaccine klappte leider nicht, da es ein NTFS USB-Stick ist.

Aber hier der Log von ComboFix:

Code:
ComboFix 13-11-10.02 - Max 11.11.2013  20:27:34.2.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.8191.6488 [GMT 1:00]
ausgeführt von:: c:\users\Max\Desktop\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-10-11 bis 2013-11-11  ))))))))))))))))))))))))))))))
.
.
2013-11-11 19:30 . 2013-11-11 19:30        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-11-11 19:30 . 2013-11-11 19:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-11 13:03 . 2013-11-11 13:03        --------        d-----w-        c:\programdata\Panda Security
2013-11-11 13:03 . 2013-11-11 16:41        --------        d-----w-        c:\program files (x86)\Panda USB Vaccine
2013-11-09 14:42 . 2013-11-09 14:42        --------        d-----w-        C:\FRST
2013-11-08 14:34 . 2013-10-14 07:12        10280728        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EC1319E-2119-4B1A-9BA4-4A59736E27F3}\mpengine.dll
2013-11-05 17:42 . 2013-09-08 12:35        73184        ------w-        c:\windows\SysWow64\SSDPDiscovery.dll
2013-11-05 17:42 . 2008-02-03 15:00        648656        ------w-        c:\windows\SysWow64\ipworks6.dll
2013-11-05 17:42 . 2013-11-05 17:42        --------        d-----w-        c:\users\Max\AppData\Local\a1.net
2013-11-05 17:38 . 2013-11-05 17:38        --------        d-----w-        c:\users\Max\AppData\Roaming\mquadr.at
2013-11-05 17:38 . 2013-11-05 17:38        --------        d-----w-        c:\programdata\m2backup
2013-11-05 17:38 . 2013-11-05 17:38        --------        d-----w-        c:\users\Max\AppData\Local\a1ta
2013-11-05 17:37 . 2013-11-05 17:44        --------        d-----w-        c:\users\Max\AppData\Roaming\A1 Servicecenter
2013-11-05 17:37 . 2013-11-05 17:38        --------        d-----w-        c:\programdata\mquadr.at
2013-11-05 17:37 . 2013-11-05 17:37        --------        dc-h--w-        c:\programdata\{30B7C7A9-BE61-40B4-874B-7A3632052459}
2013-11-05 17:37 . 2013-11-05 17:38        --------        d-----w-        c:\users\Max\AppData\Local\mquadr.at
2013-11-05 17:37 . 2013-11-05 17:37        --------        d-----w-        c:\program files (x86)\A1 Servicecenter
2013-11-05 17:37 . 2013-06-24 08:01        961624        ------w-        c:\windows\SysWow64\M2ElevatedNetworkAdapters.dll
2013-11-05 17:37 . 2013-06-24 08:01        3747896        ------w-        c:\windows\SysWow64\M2ElevatedCalls.dll
2013-11-05 17:37 . 2013-06-24 08:01        3489368        ------w-        c:\windows\SysWow64\m2network64helper.exe
2013-11-05 17:37 . 2012-12-03 13:58        279040        ------w-        c:\windows\system32\WiFiMan.dll
2013-11-05 17:37 . 2012-12-03 13:57        238592        ------w-        c:\windows\SysWow64\WiFiMan.dll
2013-11-05 17:23 . 2013-11-05 17:23        --------        d-----w-        c:\programdata\Oracle
2013-11-05 17:23 . 2013-11-05 17:23        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-11-05 17:22 . 2013-11-05 17:22        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-05 17:22 . 2013-11-05 17:22        --------        d-----w-        c:\program files (x86)\Java
2013-11-03 22:30 . 2013-11-03 22:30        --------        d-----w-        c:\programdata\Wondershare
2013-11-03 22:18 . 2013-11-03 22:18        --------        d-----w-        c:\users\Max\AppData\Local\Wondershare
2013-11-03 22:18 . 2013-11-03 22:18        --------        d-----w-        c:\program files (x86)\Common Files\Wondershare
2013-11-03 22:18 . 2013-11-03 22:34        --------        d-----w-        c:\program files (x86)\Wondershare
2013-11-03 22:18 . 2013-11-03 22:30        --------        d--h--w-        c:\program files (x86)\Dr.Fone_Temp
2013-11-03 22:11 . 2013-11-03 22:17        --------        d-----w-        c:\users\Max\AppData\Roaming\GetRightToGo
2013-11-03 22:09 . 2013-11-03 22:09        --------        d-----w-        c:\users\Max\AppData\Local\IsolatedStorage
2013-11-03 20:02 . 2012-07-11 16:09        64856        ----a-w-        c:\windows\system32\klfphc.dll
2013-11-03 20:01 . 2011-06-02 13:39        66616        ----a-w-        c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2013-11-03 20:01 . 2011-06-02 13:39        84536        ----a-w-        c:\windows\system32\drivers\CSCrySec.sys
2013-11-03 20:00 . 2013-11-03 20:00        --------        d-----w-        c:\windows\ELAMBKUP
2013-11-03 20:00 . 2013-11-03 20:00        --------        d-----w-        c:\program files (x86)\Common Files\InfoWatch
2013-11-03 20:00 . 2013-11-11 18:24        --------        d-----w-        c:\programdata\Kaspersky Lab
2013-11-03 20:00 . 2013-11-03 20:00        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2013-11-03 20:00 . 2013-11-03 20:15        90208        ----a-w-        c:\windows\system32\drivers\klflt.sys
2013-11-03 20:00 . 2013-11-03 20:15        626272        ----a-w-        c:\windows\system32\drivers\klif.sys
2013-11-01 22:53 . 2013-11-01 22:53        --------        d-----w-        c:\users\Max\AppData\Local\SKIDROW
2013-10-16 11:33 . 2013-10-16 11:33        --------        d-----w-        C:\found.001
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-05 18:25 . 2013-01-07 21:36        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-05 18:25 . 2013-01-07 21:36        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-03 20:15 . 2012-10-18 13:50        54368        ----a-w-        c:\windows\system32\drivers\kltdi.sys
2013-11-03 20:15 . 2012-09-03 17:23        29280        ----a-w-        c:\windows\system32\drivers\klmouflt.sys
2013-11-03 20:15 . 2012-09-03 16:57        29280        ----a-w-        c:\windows\system32\drivers\klkbdflt.sys
2013-11-03 20:15 . 2012-08-13 15:49        178448        ----a-w-        c:\windows\system32\drivers\kneps.sys
2013-11-03 20:15 . 2012-06-19 16:28        7717984        ----a-w-        c:\windows\system32\drivers\kl1.sys
2013-09-22 23:28 . 2013-10-10 13:51        1767936        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-09-22 23:27 . 2013-10-10 13:51        2876928        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-09-22 23:27 . 2013-10-10 13:51        61440        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-09-22 23:27 . 2013-10-10 13:51        109056        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55 . 2013-10-10 13:51        51712        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-09-22 22:55 . 2013-10-10 13:51        2241024        ----a-w-        c:\windows\system32\wininet.dll
2013-09-22 22:55 . 2013-10-10 13:51        1365504        ----a-w-        c:\windows\system32\urlmon.dll
2013-09-22 22:54 . 2013-10-10 13:51        603136        ----a-w-        c:\windows\system32\msfeeds.dll
2013-09-22 22:54 . 2013-10-10 13:51        19252224        ----a-w-        c:\windows\system32\mshtml.dll
2013-09-22 22:54 . 2013-10-10 13:51        855552        ----a-w-        c:\windows\system32\jscript.dll
2013-09-22 22:54 . 2013-10-10 13:51        3959296        ----a-w-        c:\windows\system32\jscript9.dll
2013-09-22 22:54 . 2013-10-10 13:51        53248        ----a-w-        c:\windows\system32\jsproxy.dll
2013-09-22 22:54 . 2013-10-10 13:51        67072        ----a-w-        c:\windows\system32\iesetup.dll
2013-09-22 22:54 . 2013-10-10 13:51        526336        ----a-w-        c:\windows\system32\ieui.dll
2013-09-22 22:54 . 2013-10-10 13:51        39936        ----a-w-        c:\windows\system32\iernonce.dll
2013-09-22 22:54 . 2013-10-10 13:51        2647552        ----a-w-        c:\windows\system32\iertutil.dll
2013-09-22 22:54 . 2013-10-10 13:51        136704        ----a-w-        c:\windows\system32\iesysprep.dll
2013-09-22 22:54 . 2013-10-10 13:51        15404544        ----a-w-        c:\windows\system32\ieframe.dll
2013-09-22 20:31 . 2013-09-22 20:31        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-21 03:38 . 2013-10-10 13:51        2706432        ----a-w-        c:\windows\system32\mshtml.tlb
2013-09-21 03:30 . 2013-10-10 13:51        2706432        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48 . 2013-10-10 13:51        89600        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-09-21 02:39 . 2013-10-10 13:51        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-03 12:35 . 2013-01-06 19:19        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-08-28 01:21 . 2013-10-10 13:20        3155968        ----a-w-        c:\windows\system32\win32k.sys
2008-12-21 21:46        351744        --sha-w-        c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31        32256        --sh--w-        c:\windows\SysWOW64\AVSredirect.dll
2004-05-26 12:37        719872        --sha-w-        c:\windows\SysWOW64\devil.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWOW64\i420vfw.dll
2004-01-24 22:00        70656        --sh--w-        c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17        130736        ----a-w-        c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17        130736        ----a-w-        c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17        130736        ----a-w-        c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 17:20        459784        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-10-30 1820584]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-17 152392]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-03 356128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"A1Diagnose"="c:\program files (x86)\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe" [2013-06-24 19959848]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 15:27        1185744        ----a-w-        c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-07 18:25]
.
2013-11-11 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2013-07-27 11:04]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 10:27]
.
2013-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-20 10:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17        164016        ----a-w-        c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17        164016        ----a-w-        c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17        164016        ----a-w-        c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17        164016        ----a-w-        c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2012-12-20 17:22        492040        ----a-w-        c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=F468BCAEC51B7E2B&affID=119357&tsp=4995
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00358/tb_v1?SearchSource=1&cc=&mi=f4689164000000000000bcaec51b7e2b&q=
FF - user.js: extensions.Softonic.id - f4689164000000000000bcaec51b7e2b
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15970
FF - user.js: extensions.Softonic.vrsn - 1.8.21.14
FF - user.js: extensions.Softonic.vrsni - 1.8.21.14
FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.1422:31
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - OC
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - 2013desingbrand
FF - user.js: extensions.Softonic.instlRef - MOY00358
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00358/tb_v1?SearchSource=13&cc=&mi=f4689164000000000000bcaec51b7e2b
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00358/tb_v1/?SearchSource=15&cc=&mi=f4689164000000000000bcaec51b7e2b
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Wondershare\Wondershare Helper Compact\1701013878\ Support\;c:\program files (x86)\Common Files\Apple\Apple Application Support*PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC*PROCESSOR_ARCHITECTURE=x86*PROCESSOR_ARCHITEW6432=AMD64*PROCESSOR_IDENTIFIER=AMD64 Family 16 Model 10 Stepping 0, Au]
"JoinUserExperience"=dword:00000001
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-11  20:31:40
ComboFix-quarantined-files.txt  2013-11-11 19:31
ComboFix2.txt  2013-11-11 19:20
.
Vor Suchlauf: 14 Verzeichnis(se), 35.229.184.000 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 35.022.626.816 Bytes frei
.
- - End Of File - - B1953D157681893D833A6F2C56FA9EF6
A36C5E4F47E84449FF07ED3517B43A31

MfG, maxt

schrauber 12.11.2013 11:02
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

maxt 12.11.2013 20:15
Bitteschön!

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.12.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Max :: MAX-PC [Administrator]

12.11.2013 19:28:57
mbam-log-2013-11-12 (19-28-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230430
Laufzeit: 1 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\Users\Max\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\2BDB2CAD33564AA88471F92F962DA49D (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
C:\Users\Max\Downloads\DigiDNA.DiskAid.v5.42.zip (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\SoftonicDownloader_fuer_getdataback.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\SoftonicDownloader_fuer_koyote-free-video-converter.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\SoftonicDownloader_fuer_microsoft-pinball-for-windows-vista-7.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\SoftonicDownloader_fuer_videora-ipod-converter.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\Downloads\SuperAntiSpyware - CHIP-Downloader.exe (PUP.Optional.DownloadSponsor.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Max\AppData\Roaming\OpenCandy\2BDB2CAD33564AA88471F92F962DA49D\Softonic_chr_p1v3.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
# AdwCleaner v3.012 - Bericht erstellt am 12/11/2013 um 19:42:34
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Max - MAX-PC
# Gestartet von : C:\Users\Max\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Max\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Max\AppData\Roaming\software4u
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_koyote-free-video-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_koyote-free-video-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videora-ipod-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_videora-ipod-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v25.0 (de)

[ Datei : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00358/tb_v1?SearchSource=13&cc=&mi=f4689164000000000000bcaec51b7e2b");
Zeile gelöscht : user_pref("extensions.Softonic.id", "f4689164000000000000bcaec51b7e2b");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "15970");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00358");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00358/tb_v1/?SearchSource=15&cc=&mi=f4689164000000000000bcaec51b7e2b");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "2013desingbrand");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00358/tb_v1?SearchSource=1&cc=&mi=f4689164000000000000bcaec51b7e2b&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1422:31:53");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");

-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4500 octets] - [12/11/2013 19:40:39]
AdwCleaner[S0].txt - [4253 octets] - [12/11/2013 19:42:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4313 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Max on 12.11.2013 at 20:01:58,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5A7CFAC5-7B69-4E65-851B-BAE4929A2960}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"



~~~ FireFox

Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\oakg9lpu.default\minidumps [60 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.11.2013 at 20:05:25,81
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Max (administrator) on MAX-PC on 12-11-2013 20:11:55
Running from C:\Users\Max\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CMedia) C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Dropbox, Inc.) C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files (x86)\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-03] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [A1Diagnose] - C:\Program Files (x86)\A1 Servicecenter\A1 Diagnose\A1Diagnose.exe [19959848 2013-06-24] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0414435ED74CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default
FF Homepage: hxxp://www.google.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: firefox - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: Adblock Plus - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\oakg9lpu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

Chrome:
=======
CHR HomePage: hxxp://www.golsearch.com/?babsrc=HP_ss_Btisdt6&mntrId=F468BCAEC51B7E2B&affID=119357&tsp=4995
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Extension: (Google Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.2.558_0
CHR Extension: (Safe Money) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.2.558_0
CHR Extension: (Content Blocker) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.2.614_0
CHR Extension: (Virtual Keyboard) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.2.614_0
CHR Extension: (Google Wallet) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: (Anti-Banner) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.2.558_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-03] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-22] (DT Soft Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-11-03] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-03] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-03] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-03] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-03] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-03] (Kaspersky Lab ZAO)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-03] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 20:11 - 2013-11-12 20:11 - 01957590 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2013-11-12 20:05 - 2013-11-12 20:05 - 00001005 _____ C:\Users\Max\Desktop\JRT.txt
2013-11-12 19:57 - 2013-11-12 19:57 - 00000000 ____D C:\Windows\ERUNT
2013-11-12 19:46 - 2013-11-12 19:46 - 00004397 _____ C:\Users\Max\Desktop\AdwCleaner[S0].txt
2013-11-12 19:40 - 2013-11-12 19:42 - 00000000 ____D C:\AdwCleaner
2013-11-12 19:17 - 2013-11-12 19:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 19:17 - 2013-11-12 19:17 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2013-11-12 19:17 - 2013-11-12 19:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:17 - 2013-11-12 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 19:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-12 16:42 - 2013-11-12 16:42 - 01034531 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2013-11-12 16:41 - 2013-11-12 16:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 16:41 - 2013-11-12 16:41 - 01085542 _____ C:\Users\Max\Desktop\adwcleaner.exe
2013-11-12 16:09 - 2013-11-12 19:35 - 00004106 _____ C:\Windows\PFRO.log
2013-11-11 20:31 - 2013-11-11 20:31 - 00025913 _____ C:\ComboFix.txt
2013-11-11 20:13 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-11 20:13 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-11 20:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-11 20:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-11 20:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-11 20:13 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-11 20:13 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-11 20:13 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-11 20:12 - 2013-11-11 20:31 - 00000000 ____D C:\Qoobox
2013-11-11 20:12 - 2013-11-11 20:19 - 00000000 ____D C:\Windows\erdnt
2013-11-11 20:11 - 2013-11-11 14:01 - 05144727 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2013-11-11 14:03 - 2013-11-11 17:41 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-11-11 14:03 - 2013-11-11 14:03 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-11-11 14:03 - 2013-11-11 14:03 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-11 14:02 - 2013-11-11 14:02 - 00848856 _____ (Panda Security                                              ) C:\Users\Max\Downloads\USBVaccineSetup.exe
2013-11-11 14:01 - 2013-11-11 14:01 - 05144727 _____ (Swearware) C:\Users\Max\Downloads\ComboFix.exe
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Users\Max\Desktop\E-Fotos
2013-11-09 15:44 - 2013-11-09 15:47 - 00043926 _____ C:\Users\Max\Downloads\FRST.txt
2013-11-09 15:44 - 2013-11-09 15:44 - 00019160 _____ C:\Users\Max\Downloads\Addition.txt
2013-11-09 15:42 - 2013-11-09 15:42 - 00000000 ____D C:\FRST
2013-11-09 11:02 - 2013-11-09 11:02 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Max\Downloads\unhide.exe
2013-11-07 17:34 - 2013-11-07 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 15:40 - 2013-11-12 20:00 - 00000616 _____ C:\Windows\setupact.log
2013-11-05 20:05 - 2013-11-05 20:05 - 29732385 _____ C:\Users\Max\Downloads\MAGIX Produkte mit dem Keygen von DiGiTAL INSANiTY aktivieren.mp4
2013-11-05 20:04 - 2013-11-05 20:06 - 05965689 _____ C:\Users\Max\Downloads\mgxapkg11-di.rar
2013-11-05 18:42 - 2013-11-05 18:42 - 00000000 ____D C:\Users\Max\AppData\Local\a1.net
2013-11-05 18:42 - 2013-09-08 13:35 - 00073184 ____N (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Windows\SysWOW64\SSDPDiscovery.dll
2013-11-05 18:42 - 2008-02-03 16:00 - 00648656 ____N (/n software inc. - www.nsoftware.com) C:\Windows\SysWOW64\ipworks6.dll
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Roaming\mquadr.at
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Local\a1ta
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\ProgramData\m2backup
2013-11-05 18:37 - 2013-11-12 19:25 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 18:37 - 2013-11-05 19:25 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-05 18:37 - 2013-11-05 18:44 - 00000000 ____D C:\Users\Max\AppData\Roaming\A1 Servicecenter
2013-11-05 18:37 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Local\mquadr.at
2013-11-05 18:37 - 2013-11-05 18:38 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-05 18:37 - 2013-11-05 18:37 - 00001327 _____ C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00001303 _____ C:\Users\Public\Desktop\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 __HDC C:\ProgramData\{30B7C7A9-BE61-40B4-874B-7A3632052459}
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 ____D C:\Program Files (x86)\A1 Servicecenter
2013-11-05 18:37 - 2013-06-24 09:01 - 03747896 ____N (mquadr.at software engineering und consulting GmbH) C:\Windows\SysWOW64\M2ElevatedCalls.dll
2013-11-05 18:37 - 2013-06-24 09:01 - 03489368 ____N (mquadr.at software engineering & consulting GmbH) C:\Windows\SysWOW64\m2network64helper.exe
2013-11-05 18:37 - 2013-06-24 09:01 - 00961624 ____N (mquadr.at software engineering) C:\Windows\SysWOW64\M2ElevatedNetworkAdapters.dll
2013-11-05 18:37 - 2012-12-03 14:58 - 00279040 ____N (Nicomsoft Ltd.) C:\Windows\system32\WiFiMan.dll
2013-11-05 18:37 - 2012-12-03 14:57 - 00238592 ____N (Nicomsoft Ltd.) C:\Windows\SysWOW64\WiFiMan.dll
2013-11-05 18:33 - 2013-11-05 18:35 - 112826336 _____ (A1 Telekom Austria AG                                                                                                                                                                                                                                                                                      ) C:\Users\Max\Downloads\Setup_A1Servicecenter.exe
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Sun
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 18:22 - 2013-11-05 18:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 18:22 - 2013-11-05 18:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-05 18:20 - 2013-11-05 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\Max\Downloads\jxpiinstall.exe
2013-11-03 23:31 - 2013-11-03 23:31 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2013-11-03 23:30 - 2013-11-03 23:30 - 00000000 ____D C:\ProgramData\Wondershare
2013-11-03 23:27 - 2013-11-03 23:27 - 40697064 _____ (Wondershare Software Co.,Ltd.                              ) C:\Users\Max\Downloads\drfone_full1284.exe
2013-11-03 23:18 - 2013-11-03 23:34 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-11-03 23:18 - 2013-11-03 23:18 - 00000000 ____D C:\Users\Max\AppData\Local\Wondershare
2013-11-03 23:11 - 2013-11-03 23:17 - 00000000 ____D C:\Users\Max\AppData\Roaming\GetRightToGo
2013-11-03 23:09 - 2013-11-03 23:09 - 00000000 ____D C:\Users\Max\AppData\Local\IsolatedStorage
2013-11-03 23:04 - 2013-11-03 23:04 - 04588568 _____ (Marx Software                                              ) C:\Users\Max\Downloads\IDM322Setup.exe
2013-11-03 23:02 - 2013-11-03 23:02 - 00368304 _____ (RegNow.com) C:\Users\Max\Downloads\Download_drfone_iphone4_full1130.exe
2013-11-03 21:32 - 2013-11-03 21:32 - 00000504 _____ C:\Users\Max\Documents\spLog.log
2013-11-03 21:04 - 2013-11-03 21:04 - 00002220 _____ C:\Users\Max\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-03 21:02 - 2013-11-03 21:02 - 00001078 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-11-03 21:02 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2013-11-03 21:01 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2013-11-03 21:01 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2013-11-03 21:00 - 2013-11-12 20:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-03 21:00 - 2013-11-03 21:15 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-03 21:00 - 2013-11-03 21:15 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Windows\ELAMBKUP
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-03 20:28 - 2013-11-03 20:30 - 188740896 _____ (Kaspersky Lab) C:\Users\Max\Downloads\pure13.0.2.558DE_4340(1).exe
2013-11-01 23:53 - 2013-11-01 23:53 - 00000000 ____D C:\Users\Max\AppData\Local\SKIDROW
2013-11-01 20:48 - 2013-11-01 20:48 - 00008938 _____ C:\Users\Max\Desktop\coke.xlsx
2013-10-23 19:34 - 2013-11-12 19:27 - 00008626 _____ C:\Windows\AutoKMS.log
2013-10-23 19:32 - 2013-10-23 19:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-21 15:58 - 2013-10-21 16:02 - 00000000 ____D C:\Users\Max\Downloads\8797909
2013-10-21 15:58 - 2013-10-21 15:58 - 00623838 _____ C:\Users\Max\Downloads\8797909.zip
2013-10-21 12:53 - 2013-10-21 13:05 - 00000000 ____D C:\Users\Max\Desktop\Mostviertler_Inno
2013-10-21 12:53 - 2013-10-21 12:53 - 00000000 ____D C:\Users\Max\Desktop\Jugend_inno
2013-10-16 12:33 - 2013-10-16 12:33 - 00000000 ____D C:\found.001

==================== One Month Modified Files and Folders =======

2013-11-12 20:11 - 2013-11-12 20:11 - 01957590 _____ (Farbar) C:\Users\Max\Desktop\FRST64.exe
2013-11-12 20:08 - 2009-07-14 05:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 20:08 - 2009-07-14 05:45 - 00013440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 20:05 - 2013-11-12 20:05 - 00001005 _____ C:\Users\Max\Desktop\JRT.txt
2013-11-12 20:03 - 2013-11-03 21:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-12 20:01 - 2013-07-25 10:19 - 00000000 ___RD C:\Users\Max\Dropbox
2013-11-12 20:01 - 2013-07-25 09:58 - 00000000 ____D C:\Users\Max\AppData\Roaming\Dropbox
2013-11-12 20:01 - 2013-03-09 16:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-12 20:00 - 2013-11-07 15:40 - 00000616 _____ C:\Windows\setupact.log
2013-11-12 20:00 - 2013-07-27 12:04 - 00000196 _____ C:\Windows\Tasks\AutoKMS.job
2013-11-12 20:00 - 2013-03-20 11:27 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 20:00 - 2013-01-06 20:08 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-12 20:00 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 19:59 - 2013-01-06 19:17 - 01595517 _____ C:\Windows\WindowsUpdate.log
2013-11-12 19:57 - 2013-11-12 19:57 - 00000000 ____D C:\Windows\ERUNT
2013-11-12 19:46 - 2013-11-12 19:46 - 00004397 _____ C:\Users\Max\Desktop\AdwCleaner[S0].txt
2013-11-12 19:42 - 2013-11-12 19:40 - 00000000 ____D C:\AdwCleaner
2013-11-12 19:35 - 2013-11-12 16:09 - 00004106 _____ C:\Windows\PFRO.log
2013-11-12 19:27 - 2013-10-23 19:34 - 00008626 _____ C:\Windows\AutoKMS.log
2013-11-12 19:27 - 2013-03-20 11:27 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 19:25 - 2013-11-05 18:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 19:17 - 2013-11-12 19:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-12 19:17 - 2013-11-12 19:17 - 00000000 ____D C:\Users\Max\AppData\Roaming\Malwarebytes
2013-11-12 19:17 - 2013-11-12 19:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-12 19:17 - 2013-11-12 19:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-12 16:42 - 2013-11-12 16:42 - 01034531 _____ (Thisisu) C:\Users\Max\Desktop\JRT.exe
2013-11-12 16:41 - 2013-11-12 16:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Max\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-12 16:41 - 2013-11-12 16:41 - 01085542 _____ C:\Users\Max\Desktop\adwcleaner.exe
2013-11-11 20:31 - 2013-11-11 20:31 - 00025913 _____ C:\ComboFix.txt
2013-11-11 20:31 - 2013-11-11 20:12 - 00000000 ____D C:\Qoobox
2013-11-11 20:30 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-11 20:20 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-11 20:19 - 2013-11-11 20:12 - 00000000 ____D C:\Windows\erdnt
2013-11-11 17:41 - 2013-11-11 14:03 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-11-11 14:03 - 2013-11-11 14:03 - 00003042 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-11-11 14:03 - 2013-11-11 14:03 - 00000000 ____D C:\ProgramData\Panda Security
2013-11-11 14:02 - 2013-11-11 14:02 - 00848856 _____ (Panda Security                                              ) C:\Users\Max\Downloads\USBVaccineSetup.exe
2013-11-11 14:01 - 2013-11-11 20:11 - 05144727 ____R (Swearware) C:\Users\Max\Desktop\ComboFix.exe
2013-11-11 14:01 - 2013-11-11 14:01 - 05144727 _____ (Swearware) C:\Users\Max\Downloads\ComboFix.exe
2013-11-11 13:51 - 2013-01-07 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-09 23:53 - 2013-09-19 13:25 - 00008205 _____ C:\Users\Max\Documents\TombRaider.log
2013-11-09 16:05 - 2013-11-09 16:05 - 00000000 ____D C:\Users\Max\Desktop\E-Fotos
2013-11-09 15:47 - 2013-11-09 15:44 - 00043926 _____ C:\Users\Max\Downloads\FRST.txt
2013-11-09 15:44 - 2013-11-09 15:44 - 00019160 _____ C:\Users\Max\Downloads\Addition.txt
2013-11-09 15:42 - 2013-11-09 15:42 - 00000000 ____D C:\FRST
2013-11-09 11:02 - 2013-11-09 11:02 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Max\Downloads\unhide.exe
2013-11-09 11:00 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-11-09 11:00 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-11-09 11:00 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-07 17:34 - 2013-11-07 17:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 20:06 - 2013-11-05 20:04 - 05965689 _____ C:\Users\Max\Downloads\mgxapkg11-di.rar
2013-11-05 20:05 - 2013-11-05 20:05 - 29732385 _____ C:\Users\Max\Downloads\MAGIX Produkte mit dem Keygen von DiGiTAL INSANiTY aktivieren.mp4
2013-11-05 19:25 - 2013-11-05 18:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-05 19:25 - 2013-01-07 22:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 19:25 - 2013-01-07 22:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 18:44 - 2013-11-05 18:37 - 00000000 ____D C:\Users\Max\AppData\Roaming\A1 Servicecenter
2013-11-05 18:42 - 2013-11-05 18:42 - 00000000 ____D C:\Users\Max\AppData\Local\a1.net
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Roaming\mquadr.at
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\Users\Max\AppData\Local\a1ta
2013-11-05 18:38 - 2013-11-05 18:38 - 00000000 ____D C:\ProgramData\m2backup
2013-11-05 18:38 - 2013-11-05 18:37 - 00000000 ____D C:\Users\Max\AppData\Local\mquadr.at
2013-11-05 18:38 - 2013-11-05 18:37 - 00000000 ____D C:\ProgramData\mquadr.at
2013-11-05 18:37 - 2013-11-05 18:37 - 00001327 _____ C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00001303 _____ C:\Users\Public\Desktop\A1 Servicecenter.lnk
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 __HDC C:\ProgramData\{30B7C7A9-BE61-40B4-874B-7A3632052459}
2013-11-05 18:37 - 2013-11-05 18:37 - 00000000 ____D C:\Program Files (x86)\A1 Servicecenter
2013-11-05 18:35 - 2013-11-05 18:33 - 112826336 _____ (A1 Telekom Austria AG                                                                                                                                                                                                                                                                                      ) C:\Users\Max\Downloads\Setup_A1Servicecenter.exe
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Sun
2013-11-05 18:23 - 2013-11-05 18:23 - 00000000 ____D C:\ProgramData\Oracle
2013-11-05 18:22 - 2013-11-05 18:22 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-05 18:22 - 2013-11-05 18:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-05 18:22 - 2013-11-05 18:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-05 18:20 - 2013-11-05 18:20 - 00915368 _____ (Oracle Corporation) C:\Users\Max\Downloads\jxpiinstall.exe
2013-11-04 15:03 - 2013-06-09 17:47 - 00000000 ____D C:\Users\Max\Desktop\verkaufen
2013-11-03 23:34 - 2013-11-03 23:18 - 00000000 ____D C:\Program Files (x86)\Wondershare
2013-11-03 23:33 - 2013-03-20 11:29 - 00000000 ____D C:\Program Files\Recuva
2013-11-03 23:31 - 2013-11-03 23:31 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2013-11-03 23:30 - 2013-11-03 23:30 - 00000000 ____D C:\ProgramData\Wondershare
2013-11-03 23:27 - 2013-11-03 23:27 - 40697064 _____ (Wondershare Software Co.,Ltd.                              ) C:\Users\Max\Downloads\drfone_full1284.exe
2013-11-03 23:18 - 2013-11-03 23:18 - 00000000 ____D C:\Users\Max\AppData\Local\Wondershare
2013-11-03 23:17 - 2013-11-03 23:11 - 00000000 ____D C:\Users\Max\AppData\Roaming\GetRightToGo
2013-11-03 23:09 - 2013-11-03 23:09 - 00000000 ____D C:\Users\Max\AppData\Local\IsolatedStorage
2013-11-03 23:04 - 2013-11-03 23:04 - 04588568 _____ (Marx Software                                              ) C:\Users\Max\Downloads\IDM322Setup.exe
2013-11-03 23:02 - 2013-11-03 23:02 - 00368304 _____ (RegNow.com) C:\Users\Max\Downloads\Download_drfone_iphone4_full1130.exe
2013-11-03 21:32 - 2013-11-03 21:32 - 00000504 _____ C:\Users\Max\Documents\spLog.log
2013-11-03 21:15 - 2013-11-03 21:00 - 00626272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-03 21:15 - 2013-11-03 21:00 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-11-03 21:15 - 2012-10-18 14:50 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-11-03 21:15 - 2012-09-03 18:23 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2013-11-03 21:15 - 2012-09-03 17:57 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2013-11-03 21:15 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-11-03 21:15 - 2012-06-19 17:28 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-11-03 21:04 - 2013-11-03 21:04 - 00002220 _____ C:\Users\Max\Desktop\Sicherer Zahlungsverkehr.lnk
2013-11-03 21:02 - 2013-11-03 21:02 - 00001078 _____ C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Windows\ELAMBKUP
2013-11-03 21:00 - 2013-11-03 21:00 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-11-03 20:30 - 2013-11-03 20:28 - 188740896 _____ (Kaspersky Lab) C:\Users\Max\Downloads\pure13.0.2.558DE_4340(1).exe
2013-11-01 23:53 - 2013-11-01 23:53 - 00000000 ____D C:\Users\Max\AppData\Local\SKIDROW
2013-11-01 20:48 - 2013-11-01 20:48 - 00008938 _____ C:\Users\Max\Desktop\coke.xlsx
2013-10-23 19:32 - 2013-10-23 19:32 - 00000000 _____ C:\Windows\setuperr.log
2013-10-23 17:46 - 2013-01-18 22:46 - 00000000 ____D C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
2013-10-23 17:46 - 2013-01-06 19:13 - 00000000 ____D C:\Windows\Panther
2013-10-21 20:27 - 2013-07-23 20:25 - 00000000 ____D C:\Users\Max\AppData\Roaming\vlc
2013-10-21 20:24 - 2013-09-22 21:34 - 00000000 ____D C:\Users\Max\AppData\Roaming\dvdcss
2013-10-21 16:02 - 2013-10-21 15:58 - 00000000 ____D C:\Users\Max\Downloads\8797909
2013-10-21 15:58 - 2013-10-21 15:58 - 00623838 _____ C:\Users\Max\Downloads\8797909.zip
2013-10-21 13:52 - 2013-09-10 20:26 - 00209920 _____ C:\Users\Max\Desktop\Aktienhandel.xlsx
2013-10-21 13:05 - 2013-10-21 12:53 - 00000000 ____D C:\Users\Max\Desktop\Mostviertler_Inno
2013-10-21 12:53 - 2013-10-21 12:53 - 00000000 ____D C:\Users\Max\Desktop\Jugend_inno
2013-10-20 00:34 - 2013-03-24 22:26 - 00000000 ____D C:\Users\Max\Documents\TmForever
2013-10-18 16:29 - 2013-03-20 11:30 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 12:33 - 2013-10-16 12:33 - 00000000 ____D C:\found.001
2013-10-13 15:22 - 2013-03-20 11:27 - 00004100 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-13 15:22 - 2013-03-20 11:27 - 00003848 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Max\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 16:32

==================== End Of Log ============================
--- --- ---



MfG, maxt

schrauber 13.11.2013 09:59

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131