Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Spyware eingefangen .... ! (https://www.trojaner-board.de/156723-spyware-eingefangen.html)

rotaran 22.07.2014 00:15

Spyware eingefangen .... !
 
hallo!
Das böse Internet hat mich mal wider reingelegt. Als ich mir den Audiograbber downloaden wollte ( als zuverlässig und sicher empfohlen) .. ähm und dies auch tat bekam ich unerwünschten Besuch.

KIS meldetet gleich eine Bedrohung und startete die Aktive Desinfektion. Danach Neustart und dann lies ich erstmal Malewarebyts durchlaufen. Es wurden 85 Einträge gefunden.Diese habe ich in dem Malewarebyts Menü in die Quarantäne verschoben und dann meldete das Programm das alles ok ist.

KIS findet auch nix mehr.

Allerdings find ich weder die Protokolldatei noch sonst was......... Hmmm Als Typ wurde ein Key diagnostieziert.... (Dann hättet ihr gliech was zum ansehen :glaskugel: )

Ok ..... Was nun ?? Ich erwarte in Demut eure Anweisungen

gruss
rotaran

PS: Hier das Log . habs nochgefunden :
Code:

<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2014/07/22 00:41:04 +0200</date>

<logfile>mbam-log-2014-07-22 (00-41-03).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.00.2.1012</version>

<malware-database>v2014.07.21.09</malware-database>

<rootkit-database>v2014.07.17.01</rootkit-database>

<license>free</license>

<file-protection>disabled</file-protection>

<web-protection>disabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<osversion>Windows 7 Service Pack 1</osversion>

<arch>x64</arch>

<username>mr.x</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>347425</objects>

<time>793</time>

<processes>0</processes>

<modules>0</modules>

<keys>3</keys>

<values>2</values>

<datas>1</datas>

<folders>24</folders>

<files>55</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>enabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<key>

<path>HKU\S-1-5-21-648447735-2230146337-2693748210-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>257c6937f289ba7cf33e0e4a2dd554ac</hash>

</key>


-<key>

<path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>465b237d7902b284d6ab18b1689ab050</hash>

</key>


-<key>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD</path>

<vendor>PUP.Optional.SearchProtect</vendor>

<action>success</action>

<hash>722fcbd5de9d5dd97343be0432d0a65a</hash>

</key>


-<value>

<path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path>

<valuename>InstallDir</valuename>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<valuedata>C:\PROGRA~2\SearchProtect</valuedata>

<hash>465b237d7902b284d6ab18b1689ab050</hash>

</value>


-<value>

<path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD</path>

<valuename>ImagePath</valuename>

<vendor>PUP.Optional.SearchProtect</vendor>

<action>success</action>

<valuedata>\??\C:\Windows\system32\drivers\SPPD.sys</valuedata>

<hash>722fcbd5de9d5dd97343be0432d0a65a</hash>

</value>


-<data>

<path>HKU\S-1-5-21-648447735-2230146337-2693748210-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path>

<valuename>Start Page</valuename>

<vendor>PUP.Optional.Trovi.A</vendor>

<action>replaced</action>

<valuedata>http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=55&CUI=&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E&SSPV=</valuedata>

<baddata>http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=55&CUI=&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E&SSPV=</baddata>

<gooddata>www.google.com</gooddata>

<hash>722ffca4fa81f93d2dc94b5623e140c0</hash>

</data>


-<folder>

<path>C:\Program Files (x86)\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\Main</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\Main\bin</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\Main\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\SearchProtect\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\bin</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Program Files (x86)\SearchProtect\UI\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\STG</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\UI</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<folder>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\UI\rep</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</folder>


-<file>

<path>C:\Program Files (x86)\SearchProtect\EULA.txt</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>08991e82d6a5f046af8054b94db7a759</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Local\SearchProtect\UI\rep\UIRepository.dat</path>

<vendor>PUP.Optional.SearchProtect.A</vendor>

<action>success</action>

<hash>ddc4e1bf91ea4fe784054a7091712dd3</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js</path>

<vendor>PUP.Optional.Trovi</vendor>

<action>replaced</action>

<baddata>user_pref("browser.search.selectedEngine", "Trovi search");</baddata>

<gooddata/>

<hash>178accd4ed8e4ee895a1eaf1fe06738d</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js</path>

<vendor>PUP.Optional.Trovi.A</vendor>

<action>replaced</action>

<baddata>user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=55&CUI=&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E&SSPV=");</baddata>

<gooddata/>

<hash>722f4060ea91cc6ae7e4a4377f85ba46</hash>

</file>


-<file>

<path>C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js</path>

<vendor>PUP.Optional.Trovi.A</vendor>

<action>replaced</action>

<baddata>user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MDD4153E9-21E9-48D7-8C91-3EC782736635&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP345DB048-B58D-4D63-AA1B-A925BA52BB0E");</baddata>

<gooddata/>

<hash>8021eeb22952f1450cc0578425dfea16</hash>

</file>

</items>

</mbam-log>


schrauber 22.07.2014 07:54

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


cosinus 22.07.2014 07:55

Hi,

sind das alle Logs? Was hat KIS denn genau gefunden?

Zitat:

Das böse Internet hat mich mal wider reingelegt.
Vermutlich bist du auch Opfer deiner Unaufmerksamkeit geworden :D
Es ist mittlerweile stark in Mode gekommen, Software sich von "irgendwo" runterzuladen. Die meisten Leute laden aus Gedankenlosigkeit/Faulheit Software einfach vom erstbesten Google-Suchergebnis runter, Quelle ist dann Softonic oder ähnlicher Müll, der Software gespickt mit Junkware anbietet.

Zudem muss man JEDE Software die man installiert, immer benutzerdefiniert installieren, damit man Toolbars und anderen unerwünschten Müll abwählen kann. Also:

1. Software nur aus sauberen Quellen laden (Originalhersteller-Seite, gute Alternative ist FilePony.de )
2. Software immer nach Möglichkeit benutzerdefiniert installieren und alles genau lesen

rotaran 22.07.2014 09:51

Code:

can result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by mr.x (administrator) on MRX-PC on 22-07-2014 10:38:43
Running from C:\Users\mr.x\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [ScreenManager Pro for LCD (DDCCI)] => C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe [4751848 2012-12-14] (EIZO Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-648447735-2230146337-2693748210-1000\...\MountPoints2: {8eb5d7cc-600e-11e1-b42b-1c6f65472f2b} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default
FF Homepage: https://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-17]
FF Extension: BrowserProtect - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\browserprotect@browserprotect.com.xpi [2014-01-18]
FF Extension: Ghostery - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-17]
FF Extension: Adblock Edge - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-26] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 10:38 - 2014-07-22 10:38 - 00015820 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:38 - 2014-07-22 10:38 - 00000000 ____D () C:\Users\mr.x\Desktop\FRST-OlderVersion
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 00:56 - 2014-07-22 10:30 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:09 - 2014-07-22 10:30 - 00000840 _____ () C:\Windows\setupact.log
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-10 15:14 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:14 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:14 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:14 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:14 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:14 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:14 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:14 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:14 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:14 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:14 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:14 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== One Month Modified Files and Folders =======

2014-07-22 10:40 - 2014-07-22 10:38 - 00015820 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:38 - 2014-07-22 10:38 - 00000000 ____D () C:\Users\mr.x\Desktop\FRST-OlderVersion
2014-07-22 10:38 - 2014-02-25 12:59 - 00000000 ____D () C:\FRST
2014-07-22 10:38 - 2014-02-25 12:58 - 02090496 _____ (Farbar) C:\Users\mr.x\Desktop\FRST64.exe
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 10:37 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 10:37 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 10:34 - 2013-12-03 04:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-22 10:30 - 2014-07-22 00:56 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 10:30 - 2014-07-21 11:09 - 00000840 _____ () C:\Windows\setupact.log
2014-07-22 10:30 - 2013-10-29 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 10:30 - 2012-02-26 04:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-22 10:30 - 2012-02-26 02:05 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-22 10:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 02:19 - 2013-10-29 17:49 - 01241367 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 01:52 - 2012-04-04 19:52 - 00000310 _____ () C:\Windows\Tasks\DMEPeriodicTask.job
2014-07-22 01:32 - 2012-08-15 21:06 - 00000000 ____D () C:\Users\mr.x\AppData\Roaming\TS3Client
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 01:08 - 2014-05-16 18:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 00:55 - 2012-02-26 01:54 - 00000000 ____D () C:\Users\mr.x
2014-07-22 00:31 - 2014-03-15 04:17 - 00000000 ____D () C:\Users\mr.x\AppData\Local\Battle.net
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:37 - 2014-01-30 19:26 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-17 17:52 - 2012-08-15 21:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-15 17:29 - 2014-05-14 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 17:29 - 2014-05-14 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 22:00 - 2012-08-18 18:32 - 00000000 ____D () C:\Users\Gast\Desktop\special
2014-07-10 15:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 15:17 - 2013-08-07 19:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 15:16 - 2012-02-26 03:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 15:09 - 2014-03-15 04:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-30 23:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 15:10

==================== End Of Log ============================

wo finde ich nochmal das Addition.txt ??

cosinus 22.07.2014 11:10

Was ist mit meiner Frage nach anderen bisherigen Logs?

Meinen anderen Text hast du auch gelesen :confused: frage nach, weil du darauf garnicht eingehst...

FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png



edit: sehe jetzt erst, dass schraubi schon wieder vor mir hier war :rofl:

rotaran 22.07.2014 21:00

Wem soll i nun folgen???:taenzer:

Ok hier nochmal alles :
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by mr.x (administrator) on MRX-PC on 22-07-2014 21:57:02
Running from C:\Users\mr.x\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [ScreenManager Pro for LCD (DDCCI)] => C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe [4751848 2012-12-14] (EIZO Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-648447735-2230146337-2693748210-1000\...\MountPoints2: {8eb5d7cc-600e-11e1-b42b-1c6f65472f2b} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default
FF Homepage: https://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-17]
FF Extension: BrowserProtect - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\browserprotect@browserprotect.com.xpi [2014-01-18]
FF Extension: Ghostery - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-17]
FF Extension: Adblock Edge - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-26] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 10:38 - 2014-07-22 21:58 - 00015763 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 00:56 - 2014-07-22 10:30 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:09 - 2014-07-22 21:50 - 00001008 _____ () C:\Windows\setupact.log
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-10 15:14 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:14 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:14 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:14 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:14 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:14 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:14 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:14 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:14 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:14 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:14 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:14 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== One Month Modified Files and Folders =======

2014-07-22 21:58 - 2014-07-22 10:38 - 00015763 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 21:58 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 21:58 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 21:57 - 2014-02-25 12:59 - 00000000 ____D () C:\FRST
2014-07-22 21:56 - 2013-10-29 17:49 - 01269460 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 21:54 - 2013-12-03 04:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-22 21:52 - 2012-04-04 19:52 - 00000310 _____ () C:\Windows\Tasks\DMEPeriodicTask.job
2014-07-22 21:50 - 2014-07-21 11:09 - 00001008 _____ () C:\Windows\setupact.log
2014-07-22 21:50 - 2013-10-29 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 21:50 - 2012-02-26 04:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-22 21:50 - 2012-02-26 02:05 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-22 21:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 10:38 - 2014-02-25 12:58 - 02090496 _____ (Farbar) C:\Users\mr.x\Desktop\FRST64.exe
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 10:30 - 2014-07-22 00:56 - 00020522 _____ () C:\Windows\PFRO.log
2014-07-22 01:32 - 2012-08-15 21:06 - 00000000 ____D () C:\Users\mr.x\AppData\Roaming\TS3Client
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 01:08 - 2014-05-16 18:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 00:55 - 2012-02-26 01:54 - 00000000 ____D () C:\Users\mr.x
2014-07-22 00:31 - 2014-03-15 04:17 - 00000000 ____D () C:\Users\mr.x\AppData\Local\Battle.net
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:37 - 2014-01-30 19:26 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-17 17:52 - 2012-08-15 21:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-15 17:29 - 2014-05-14 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 17:29 - 2014-05-14 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 22:00 - 2012-08-18 18:32 - 00000000 ____D () C:\Users\Gast\Desktop\special
2014-07-10 15:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 15:17 - 2013-08-07 19:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 15:16 - 2012-02-26 03:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 15:09 - 2014-03-15 04:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-30 23:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 15:10

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---


Nur 2:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by mr.x at 2014-07-22 21:58:31
Running from C:\Users\mr.x\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACDSee Foto-Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
B109a-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{61CF2C86-8E46-4210-A115-E4D6C65AF369}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScreenManager Pro for LCD (DDC/CI) (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.3.3 - EIZO Corporation)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.14.58 - Client Connect LTD) <==== ATTENTION
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WarrantyExtension (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKCU\...\{7129FC23-A106-4F45-9D47-E36342C1D310}) (Version: 21.00.8480 - Buhl Data Service GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

07-07-2014 19:35:32 Automatic creation
08-07-2014 17:42:40 Automatic creation
09-07-2014 17:48:22 Automatic creation
10-07-2014 13:51:34 Automatic creation
11-07-2014 17:09:22 Automatic creation
12-07-2014 21:35:04 Automatic creation
13-07-2014 21:26:04 Automatic creation
14-07-2014 17:10:58 Automatic creation
15-07-2014 15:56:37 Automatic creation
16-07-2014 12:45:13 Automatic creation
17-07-2014 15:17:30 Automatic creation
18-07-2014 20:25:22 Automatic creation
19-07-2014 20:41:51 Automatic creation
20-07-2014 17:12:39 Automatic creation
21-07-2014 23:26:35 Automatic creation
22-07-2014 09:00:29 Automatic creation
22-07-2014 19:55:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {7E578444-5154-4D62-A4A8-A7EDE776DEF7} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {8ABE2292-9094-4E79-A7A4-45872B7868D4} - System32\Tasks\DMEPeriodicTask => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16] (Hewlett-Packard)
Task: {A20AC01E-9C49-4EDF-B901-E68ACFC5DC09} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {D42C1AC9-3D30-42B4-8725-E1C92FFC8714} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6E12869-4BA3-4828-B31E-EF1416AE4529} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\DMEPeriodicTask.job => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 17:27 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-26 02:03 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-02-26 02:03 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-17 03:24 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2014 11:00:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {0721005b-2f34-409b-a4a7-90ddddf2cc9a}

Error: (07/22/2014 01:26:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {837f9bd7-810c-4403-a899-4c420ff75daa}

Error: (07/21/2014 10:27:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e6e89c7c-a436-4c72-90a1-fb1d0086246e}


System errors:
=============
Error: (07/22/2014 00:35:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎07.‎2014 um 00:34:28 unerwartet heruntergefahren.

Error: (07/22/2014 00:33:06 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (07/22/2014 11:00:29 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {0721005b-2f34-409b-a4a7-90ddddf2cc9a}

Error: (07/22/2014 01:26:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {837f9bd7-810c-4403-a899-4c420ff75daa}

Error: (07/21/2014 10:27:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {e6e89c7c-a436-4c72-90a1-fb1d0086246e}


CodeIntegrity Errors:
===================================
  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.743
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.162
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.115
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8119.49 MB
Available physical RAM: 5802.55 MB
Total Pagefile: 16237.16 MB
Available Pagefile: 13717.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:348.48 GB) (Free:255.98 GB) NTFS
Drive d: (Volume) (Fixed) (Total:117.19 GB) (Free:117.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 84DF4A66)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Das KIS Log find i zwar aber weiss net wo ich die Text Version finde ..... ich such noch mal Gleich wider da

cosinus 22.07.2014 21:07

Ich klink mich hier aus, schrauber hilft dir. Kaplah! :D

rotaran 22.07.2014 21:10

Zitat:

Zitat von cosinus (Beitrag 1333820)
Ich klink mich hier aus, schrauber hilft dir. Kaplah! :D

Du ..........)/(&%%&/())= Hmpf , wenn die Sternenflotte mal richtig Qapla' sagen würden....


Qapla'

:glaskugel2:

:blabla:

cosinus 22.07.2014 21:12

Nach einem Teller Gagh und einem Krug Blutwein schreibt man nicht mehr richtig :blabla:

rotaran 22.07.2014 21:16

Back to Topic ! :kaffee:

Kannst Du mir noch schnell sagen wo ich das KIS Log finde? Ich such mich schon tot :headbang:

cosinus 22.07.2014 21:49

So auf die Schnelle leider nicht...mach doch mal ein Feuerchen und glaube fest an Kahless, der zeigt dir schon den rechten Pfad :blabla:

Mal so als Überlegung: aus dem Hauptmenü wirst du nicht schlau? Wir können hier leider nicht zu jedem der AV-Lösungen eine bebilderte Anleitung liefern...

rotaran 22.07.2014 21:54

I don't need a Fire to belive in Kahless ! :singsing:

Im Hauptmenü komm ich schon zu den Berichten, aber wie ich die in was textiges konvertiere oder wo auch immer KIS diese Logs in Text Form speichert :glaskugel:

cosinus 22.07.2014 21:56

Dann lass es einfach sein :D

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


rotaran 22.07.2014 22:27

Hier Nr.1

Code:

# AdwCleaner v3.216 - Bericht erstellt am 22/07/2014 um 23:05:26
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : mr.x - MRX-PC
# Gestartet von : C:\Users\mr.x\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\browserprotect@browserprotect.com.xpi

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\a5qjghpl.default\prefs.js ]


[ Datei : C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1412 octets] - [22/07/2014 23:04:46]
AdwCleaner[S0].txt - [1333 octets] - [22/07/2014 23:05:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1393 octets] ##########

Nr.2
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by mr.x on 22.07.2014 at 23:11:28,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\mr.x\AppData\Roaming\mozilla\firefox\profiles\i8knnz7q.default\minidumps [86 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2014 at 23:19:58,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und ein frisches FRST


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by mr.x (administrator) on MRX-PC on 22-07-2014 23:22:24
Running from C:\Users\mr.x\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(EIZO Corporation) C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [ScreenManager Pro for LCD (DDCCI)] => C:\Program Files (x86)\EIZO\ScreenManager Pro for LCD (DDCCI)\LcdctrlDdcci.exe [4751848 2012-12-14] (EIZO Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-648447735-2230146337-2693748210-1000\...\MountPoints2: {8eb5d7cc-600e-11e1-b42b-1c6f65472f2b} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
Startup: C:\Users\mr.x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default
FF Homepage: https://web.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-17]
FF Extension: Ghostery - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: BetterPrivacy - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-17]
FF Extension: Adblock Edge - C:\Users\mr.x\AppData\Roaming\Mozilla\Firefox\Profiles\i8knnz7q.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-02-26]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-04]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-03]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-03]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-02-26] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-03] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 23:19 - 2014-07-22 23:19 - 00000755 _____ () C:\Users\mr.x\Desktop\JRT.txt
2014-07-22 23:10 - 2014-07-22 23:10 - 01016261 _____ (Thisisu) C:\Users\mr.x\Desktop\JRT.exe
2014-07-22 23:04 - 2014-07-22 23:05 - 00000000 ____D () C:\AdwCleaner
2014-07-22 23:02 - 2014-07-22 23:02 - 01354223 _____ () C:\Users\mr.x\Desktop\adwcleaner_3.216.exe
2014-07-22 21:58 - 2014-07-22 21:59 - 00022361 _____ () C:\Users\mr.x\Desktop\Addition.txt
2014-07-22 10:38 - 2014-07-22 23:22 - 00015755 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 00:56 - 2014-07-22 23:06 - 00020832 _____ () C:\Windows\PFRO.log
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:09 - 2014-07-22 23:06 - 00001176 _____ () C:\Windows\setupact.log
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-10 15:14 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 15:14 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 15:14 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 15:14 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 15:14 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 15:14 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 15:14 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 15:14 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 15:14 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 15:14 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 15:14 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 15:14 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 15:14 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 15:14 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 15:14 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 15:14 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 15:14 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 15:14 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 15:14 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 15:14 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 15:14 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 15:14 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 15:14 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 15:14 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 15:14 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 15:14 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 15:14 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 15:14 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 15:14 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 15:14 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 15:14 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 15:14 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 15:14 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 15:14 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 15:14 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 15:14 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 15:14 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 15:14 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 15:14 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 15:14 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 15:14 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 15:14 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 15:13 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 15:13 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 15:13 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

==================== One Month Modified Files and Folders =======

2014-07-22 23:22 - 2014-07-22 10:38 - 00015755 _____ () C:\Users\mr.x\Desktop\FRST.txt
2014-07-22 23:22 - 2014-02-25 12:59 - 00000000 ____D () C:\FRST
2014-07-22 23:19 - 2014-07-22 23:19 - 00000755 _____ () C:\Users\mr.x\Desktop\JRT.txt
2014-07-22 23:14 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 23:14 - 2009-07-14 06:45 - 00014960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 23:11 - 2013-10-29 17:49 - 01276258 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 23:10 - 2014-07-22 23:10 - 01016261 _____ (Thisisu) C:\Users\mr.x\Desktop\JRT.exe
2014-07-22 23:08 - 2013-12-03 04:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-22 23:06 - 2014-07-22 00:56 - 00020832 _____ () C:\Windows\PFRO.log
2014-07-22 23:06 - 2014-07-21 11:09 - 00001176 _____ () C:\Windows\setupact.log
2014-07-22 23:06 - 2013-10-29 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-22 23:06 - 2012-02-26 04:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-07-22 23:06 - 2012-02-26 02:05 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-22 23:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 23:05 - 2014-07-22 23:04 - 00000000 ____D () C:\AdwCleaner
2014-07-22 23:02 - 2014-07-22 23:02 - 01354223 _____ () C:\Users\mr.x\Desktop\adwcleaner_3.216.exe
2014-07-22 22:52 - 2012-04-04 19:52 - 00000310 _____ () C:\Windows\Tasks\DMEPeriodicTask.job
2014-07-22 21:59 - 2014-07-22 21:58 - 00022361 _____ () C:\Users\mr.x\Desktop\Addition.txt
2014-07-22 10:38 - 2014-02-25 12:58 - 02090496 _____ (Farbar) C:\Users\mr.x\Desktop\FRST64.exe
2014-07-22 10:37 - 2014-07-22 10:37 - 02090496 _____ (Farbar) C:\Users\mr.x\Downloads\FRST64(1).exe
2014-07-22 01:32 - 2012-08-15 21:06 - 00000000 ____D () C:\Users\mr.x\AppData\Roaming\TS3Client
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieUserList
2014-07-22 01:23 - 2014-07-22 01:23 - 00000000 __SHD () C:\Users\mr.x\AppData\Local\EmieSiteList
2014-07-22 01:08 - 2014-05-16 18:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 00:55 - 2012-02-26 01:54 - 00000000 ____D () C:\Users\mr.x
2014-07-22 00:31 - 2014-03-15 04:17 - 00000000 ____D () C:\Users\mr.x\AppData\Local\Battle.net
2014-07-22 00:30 - 2014-07-22 00:30 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-21 11:36 - 2014-01-19 12:36 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-21 11:09 - 2014-07-21 11:09 - 00295432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-21 11:09 - 2014-07-21 11:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-20 14:37 - 2014-07-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-20 14:37 - 2014-01-30 19:26 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iTunes
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files\iPod
2014-07-20 14:36 - 2014-07-20 14:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-17 18:59 - 2014-07-17 18:59 - 00003588 _____ () C:\Users\mr.x\Downloads\arcane charge.txt
2014-07-17 17:52 - 2012-08-15 21:05 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-15 17:29 - 2014-05-14 19:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-15 17:29 - 2014-05-14 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 22:00 - 2012-08-18 18:32 - 00000000 ____D () C:\Users\Gast\Desktop\special
2014-07-10 15:19 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 15:17 - 2013-08-07 19:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 15:16 - 2012-02-26 03:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 15:09 - 2014-03-15 04:17 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-30 23:04 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-28 00:10 - 2014-06-28 00:10 - 00048597 _____ () C:\Users\mr.x\Downloads\PreformAVEnabler3.04.zip
2014-06-24 15:50 - 2014-06-24 15:50 - 00242500 _____ () C:\Users\mr.x\Downloads\PetTracker_5.4.20.zip
2014-06-23 06:36 - 2014-06-23 06:36 - 00448512 _____ (OldTimer Tools) C:\Users\mr.x\Desktop\TFC.exe

Some content of TEMP:
====================
C:\Users\mr.x\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 15:10

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by mr.x at 2014-07-22 23:22:41
Running from C:\Users\mr.x\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACDSee Foto-Manager 12 (HKLM-x32\...\{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}) (Version: 12.0.344 - ACD Systems International Inc.)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
B109a-m (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FormatFactory 2.95 (HKLM-x32\...\FormatFactory) (Version: 2.95 - Free Time)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{61CF2C86-8E46-4210-A115-E4D6C65AF369}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PS_AIO_06_B109a-m_SW_Min (x32 Version: 130.0.396.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ScreenManager Pro for LCD (DDC/CI) (HKLM-x32\...\{DAB265AD-27B2-4651-B8D8-F4F3A8ECC705}) (Version: 2.3.3 - EIZO Corporation)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WarrantyExtension (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2014 (HKCU\...\{7129FC23-A106-4F45-9D47-E36342C1D310}) (Version: 21.00.8480 - Buhl Data Service GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

07-07-2014 19:35:32 Automatic creation
08-07-2014 17:42:40 Automatic creation
09-07-2014 17:48:22 Automatic creation
10-07-2014 13:51:34 Automatic creation
11-07-2014 17:09:22 Automatic creation
12-07-2014 21:35:04 Automatic creation
13-07-2014 21:26:04 Automatic creation
14-07-2014 17:10:58 Automatic creation
15-07-2014 15:56:37 Automatic creation
16-07-2014 12:45:13 Automatic creation
17-07-2014 15:17:30 Automatic creation
18-07-2014 20:25:22 Automatic creation
19-07-2014 20:41:51 Automatic creation
20-07-2014 17:12:39 Automatic creation
21-07-2014 23:26:35 Automatic creation
22-07-2014 20:20:36 Automatic creation

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {7E578444-5154-4D62-A4A8-A7EDE776DEF7} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {8ABE2292-9094-4E79-A7A4-45872B7868D4} - System32\Tasks\DMEPeriodicTask => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe [2009-06-16] (Hewlett-Packard)
Task: {A20AC01E-9C49-4EDF-B901-E68ACFC5DC09} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {D42C1AC9-3D30-42B4-8725-E1C92FFC8714} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6E12869-4BA3-4828-B31E-EF1416AE4529} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: C:\Windows\Tasks\DMEPeriodicTask.job => C:\Program Files (x86)\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 17:27 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-26 02:03 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2012-02-26 02:03 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-01-17 03:24 - 2014-06-06 06:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-15 17:29 - 2014-07-15 17:29 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.837
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.821
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.775
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-15 15:14:25.743
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.177
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.162
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-25 07:04:39.115
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8119.49 MB
Available physical RAM: 6065.13 MB
Total Pagefile: 16237.16 MB
Available Pagefile: 13936.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:348.48 GB) (Free:256.25 GB) NTFS
Drive d: (Volume) (Fixed) (Total:117.19 GB) (Free:117.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 84DF4A66)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=348 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Und noch ne Frage: Malewarebyts erste Untersuchung... da habe ich alles in Qarnatäne verschoben... muss das nicht auch gelöscht werden??

cosinus 22.07.2014 22:46

Überleg mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

rotaran 23.07.2014 10:10

Also soll ich Malewarybyts nicht platt machen? ... Habn ungutes Gefühl dabei.



Sorry , sitze etwas auf heißen Kohlen :pfeiff:


Ist mein System nun sauber?

cosinus 23.07.2014 10:16

Zitat:

Zitat von rotaran (Beitrag 1333873)
Also soll ich Malewarybyts nicht platt machen? ... Habn ungutes Gefühl dabei.

Was habt ihr alle immer nur mit der Quarantäne :wtf:

Verdeutliche dir mal mal den Begriff "Quarantäne" - woran denkst du dann da?

Was ist Sinn und Zweck einer Quarantäne? Welchen Sinn hätte eine solche wenn die sich von der "normalen Ablegung" ins Dateisystem nicht unterscheiden würde?

Mal davon abgesehen, dass du im Prinzip nur selbstinstallierte Adware drauf hattest...

rotaran 23.07.2014 10:19

Is ja gut :glaskugel2:

Aber würdest Du mal zu meiner zweiten Frage was sagen? ... :blabla:

Ist das System nun sauber??? Will endlich wieder alles nützen , wegs dem Keylogger und so, also ist er komplett beseitigt ??

Und was kommt noch? Letztes mal kam noch son Aufräum Tool das alle Cleaner wieder deinstaliert hat etc ??

cosinus 23.07.2014 11:36

FRST Logs sind ok, Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


rotaran 23.07.2014 21:39

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.07.2014
Suchlauf-Zeit: 22:08:10
Logdatei: log 23.7.14.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.23.08
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: mr.x

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 349316
Verstrichene Zeit: 22 Min, 17 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)


cosinus 23.07.2014 22:07

Ok, fehlt noch ESET

rotaran 23.07.2014 23:43

Son ein Schei.....

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5ab5d0d1c6597c468626e0a108be85fa
# engine=19316
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-23 10:33:39
# local_time=2014-07-24 12:33:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 6149 37629241 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 95840 157784669 0 0
# scanned=168252
# found=4
# cleaned=4
# scan_time=5671
sh=04C48C93FBFE1066A080CAE831B05ED5173E0BAF ft=1 fh=04a3da4cc1ddd318 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\CPUID\PC Wizard 2012\pc-wizard_2012.2.11-setup.exe"
sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Gast\Downloads\ccsetup318.exe"
sh=7EF1CA17E9835CBBA989D1F2CFEF4B794D928D13 ft=1 fh=c7fc25b20d8e6134 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Gast\Downloads\ccsetup320.exe"
sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mr.x\Downloads\ccsetup411.exe"

Leider habe ich ein Fehler gemacht und das Häckchen bei nicht entfernen vergessen.... das Tool hat nun alles gelöscht

cosinus 23.07.2014 23:48

Das sind eh nur hysterische Funde in alten Setups...


TFC - Temp File Cleaner

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.




Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

rotaran 23.07.2014 23:52

puhh. schwitz .......! und i dacht schon das ich das System neu aufsetzen muss :pfui:

Den Oldtimer Cleaner habe ich sowieso druff und schon mal heute laufen lassen. Und gerade nochmal. Is das evnetuell ein Problem??????

cosinus 23.07.2014 23:58

Nee...das Ding leert nur Temp-Ordner, Papierkorb usw...mehr als das braucht man im Prinzip nicht, kannst es ja einmal die Woche ausführen oder so.

rotaran 24.07.2014 00:00

Alles klar ... dan nehm mal Schluck Bloodwine und ne Runde Gagch !!! Vielen Dank Dir !


Qapla'

Long Live The Klingon Empire !!!

cosinus 24.07.2014 00:02

Ich bleibe lieber bei vulkanischem Kräutertee :blabla:

Dann wären wir durch! :daumenhoc


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.






Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

rotaran 24.07.2014 00:11

Jo , java war veraltet ! Is in Download :lach: Den Rest werd ich auch weiterhin beherzigen, Pw oder Cookies werden eh nicht gespeichert und Ghostery verwende ich sowieso :crazy:

Fotzenbachi und Co boykotiere ich :aufsmaul:


:dankeschoen:

Qapla'

Live long and Prosper !!

cosinus 24.07.2014 00:42

Zitat:

Zitat von rotaran (Beitrag 1334392)
Fotzenbachi und Co boykotiere ich :aufsmaul:

Fotzenbachi? Wersndas? :D
Sry, ich komme nicht aus Bayern, bin viel zu weit nördlich des Weischwurscht Äquators und so einer wie du würde mich wohl auch als Fischkopp titulieren :blabla:

schrauber 24.07.2014 19:10

einfach mal meinen Thread mopsen :D

cosinus 24.07.2014 19:21

Ich war nur eine Minute nach dir da :D also mach mal halblang Herr Schrau Bär :blabla:

schrauber 24.07.2014 19:23

wer zuerst kommt malt zuerst. musst du schneller werden :D

cosinus 24.07.2014 19:28

Habs erst gemerkt als ich schon mittendrin war...da zieh ich mich auch nicht mehr zurück, also musst du auch mal das nachsehen haben :D

rotaran 24.07.2014 23:29

Zitat:

Zitat von cosinus (Beitrag 1334397)
Fotzenbachi? Wersndas? :D
Sry, ich komme nicht aus Bayern, bin viel zu weit nördlich des Weischwurscht Äquators und so einer wie du würde mich wohl auch als Fischkopp titulieren :blabla:


Für die Fischköppe .... :zunge: Fotzennbachi = Facebook

und ... das hab ich auch net erlebt ihr zwei @ Schrauber und Cosinus .. das sich gleich 2 *Masterchiefs* sich um mein Problem battelen :sword2: da schwillt meine Brust mal geschwind an :Boogie: und zwar gaaaaanz grosssss:blabla:

schrauber 25.07.2014 17:40

dann werf ma den dunkeldeutschen Fischkopp aus unsrer bayrischen Runde :D

cosinus 25.07.2014 21:34

sei du mal ganz leise mit deinen nicht-bayrischen Ursprüngen :zunge:


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19