Performersoft LLC - Installer erfordert Berechtigung

Kuranda · 09.08.2013

Guten Tag

Ich benutze zum ersten Mal das Forum. Nun möchte ich wissen, ob Sie oder jemand mit helfen kann. Wenn ich meinen Laptop, Windows 7, starte, erhalte ich immer die Meldung: Installer erfordert Berechtigung. Dann kommt weiter ein Fenster mit: Programmname: Installer. Verifizierter Herausgeber: Performersoft LLC. Dateiursprung: Festplatt auf diesem Computer. Programmpfad: "C:\ProgrammData\IBUUpdaterService\ibsvc, /Updater. Nach ....ibsvc, .... ist noch ein Zeichen wie ein kleines höher gestelltes Komma, das ich aber auf der Tastatur nicht finden kann.

Dieses Problem hatte ich früher nie. Ich kann das Programm und den Pfad auch nirgends finden, somit auch nicht löschen. Mein Virenschutzprogramm hat keine Meldung herausgegeben.

Ich wäre sehr froh, wenn mir jemand helfen könnten. Besten Dank im voraus und freundliche Grüsse.

schrauber · 09.08.2013

Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Scan.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Kuranda · 09.08.2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Tukan (ATTENTION: The logged in user is not administrator) on 09-08-2013 16:58:02
Running from C:\Users\Tukan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Drivers Headquarters) C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenDesk.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe
() C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenOCR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10361616 2011-02-11] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [4002248 2013-01-07] (O&O Software GmbH)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DIMUpdate wird heruntergeladen...1300677038394] - c:\programdata\corel\downloads\540214035_807001\1300677038394\dim_params.xml [1060 2011-07-01] ()
HKCU\...\Run: [DriverBoost] - C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3978096 2013-07-22] (PC Drivers Headquarters)
MountPoints2: {6d866fcb-2c0d-11e2-959d-00262dc79d5a} - F:\LaunchU3.exe -a
MountPoints2: {fbec8e90-6edd-11e2-8a97-00262dc79d5a} - "F:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SOSUAUI] - C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [53144 2013-04-01] (Malwarebytes Secure Backup)
HKLM-x32\...\Run: [SMessaging] - C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [63896 2013-04-01] (Malwarebytes Secure Backup)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [63896 2013-04-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PayPen.lnk
ShortcutTarget: PayPen.lnk -> C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe (Anoto AB)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Tukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * 6)\* O\* OODons\* s\* OOeLOOOODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
HKCU\Software\Microsoft\Internet Explorer\Main,start page = Welcome to ALDI
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tukan\AppData\Roaming\Mozilla\Firefox\Profiles\7c5q79bo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Tukan\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Extension: No Name - C:\Users\Tukan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Skype Toolbars) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Skype Click to Call) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Anti-Banner) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [596224 2013-06-28] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3294152 2013-01-07] (O&O Software GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-04] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-04] (Avira GmbH)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-12-30] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWow64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 pendfu; System32\Drivers\pendfu.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-07 22:14 - 2013-08-07 22:15 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-09 16:21 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 16:00 - 2013-08-07 16:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-21 22:46 - 2013-07-21 22:53 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:43 - 2013-07-22 00:06 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:39 - 2013-07-21 22:40 - 16437296 _____ (Systweak Inc. ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC. ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:38 - 2013-07-21 22:39 - 03756976 _____ (Systweak Inc ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-21 22:22 - 2013-07-25 14:19 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-17 14:59 - 2013-07-17 15:02 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 13:26 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 13:26 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 13:26 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 13:26 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 13:26 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 13:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 13:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 13:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 13:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 13:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 13:07 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 13:07 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 13:07 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 16:57 - 2013-08-09 16:57 - 01790169 _____ (Farbar) C:\Users\Tukan\Desktop\FRST64.exe
2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-09 16:28 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 16:28 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 16:24 - 2011-06-22 17:43 - 01395767 _____ C:\Windows\WindowsUpdate.log
2013-08-09 16:22 - 2013-06-26 20:58 - 00000000 ___RD C:\Users\Tukan\Dropbox
2013-08-09 16:22 - 2013-06-26 20:55 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Dropbox
2013-08-09 16:22 - 2011-10-11 16:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-09 16:21 - 2013-08-07 17:24 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-09 16:21 - 2013-04-28 12:38 - 00086860 _____ C:\Windows\system32\oodbs.lor
2013-08-09 16:21 - 2012-12-23 17:08 - 00026644 _____ C:\Windows\setupact.log
2013-08-09 16:21 - 2011-06-22 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 16:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 14:13 - 2011-06-22 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 14:04 - 2012-04-20 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 11:47 - 2011-04-24 01:02 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-08-09 11:47 - 2011-04-24 01:02 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-08-09 11:47 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 23:56 - 2011-06-22 21:12 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\SoftGrid Client
2013-08-07 22:15 - 2013-08-07 22:14 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 21:46 - 2013-05-30 13:28 - 00000000 ____D C:\Users\Tukan\Documents\MAC_Dokumente
2013-08-07 19:59 - 2009-03-07 15:26 - 00000000 ____D C:\Users\Tukan\Documents\ADRV
2013-08-07 19:30 - 2011-06-22 17:51 - 00000000 ____D C:\Users\JPS
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:24 - 2012-12-23 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 17:05 - 2010-11-21 05:47 - 00314942 _____ C:\Windows\PFRO.log
2013-08-07 17:03 - 2013-04-28 13:48 - 00000000 ____D C:\Users\JPS\AppData\Roaming\File Scout
2013-08-07 16:01 - 2013-08-07 16:00 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 15:42 - 2011-07-07 11:22 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 13:03 - 2010-07-30 11:17 - 00000000 ____D C:\Users\Tukan\Documents\Reisen
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 15:25 - 2011-06-22 22:13 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Skype
2013-07-31 14:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-31 12:18 - 2011-06-22 20:57 - 00000000 ____D C:\Users\Tukan
2013-07-31 12:17 - 2012-12-20 14:09 - 00001748 _____ C:\Users\Tukan\Julia + Rohan Wadham.contact
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-29 23:13 - 2011-08-16 01:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\NCH Software
2013-07-29 20:49 - 2011-08-25 13:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-29 20:49 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-25 14:19 - 2013-07-21 22:22 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-22 00:06 - 2013-07-21 22:43 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:53 - 2013-07-21 22:46 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:44 - 2011-04-24 14:58 - 00000000 ___RD C:\Users\Public\Desktop\Medion MediaPack
2013-07-21 22:42 - 2011-07-18 15:08 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Apple Computer
2013-07-21 22:40 - 2013-07-21 22:39 - 16437296 _____ (Systweak Inc. ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC. ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:39 - 2013-07-21 22:38 - 03756976 _____ (Systweak Inc ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:36 - 2011-07-07 11:48 - 00000000 ____D C:\Users\JPS\AppData\Local\Adobe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-19 12:18 - 2013-07-19 12:11 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-03-07 14:02 - 00000000 ____D C:\Users\JPS\AppData\Roaming\OpenCandy
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-18 19:26 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 17:36 - 2011-04-24 13:54 - 00045434 _____ C:\Windows\DPINST.LOG
2013-07-17 15:02 - 2013-07-17 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 14:48 - 2012-04-20 22:59 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 14:48 - 2011-07-12 00:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 21:40 - 2009-07-14 06:45 - 00481072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 21:39 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Kuranda · 09.08.2013

Code:

  FRST-LOG   Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Tukan (ATTENTION: The logged in user is not administrator) on 09-08-2013 16:58:02
Running from C:\Users\Tukan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Drivers Headquarters) C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenDesk.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe
() C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenOCR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10361616 2011-02-11] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [4002248 2013-01-07] (O&O Software GmbH)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DIMUpdate wird heruntergeladen...1300677038394] - c:\programdata\corel\downloads\540214035_807001\1300677038394\dim_params.xml [1060 2011-07-01] ()
HKCU\...\Run: [DriverBoost] - C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3978096 2013-07-22] (PC Drivers Headquarters)
MountPoints2: {6d866fcb-2c0d-11e2-959d-00262dc79d5a} - F:\LaunchU3.exe -a
MountPoints2: {fbec8e90-6edd-11e2-8a97-00262dc79d5a} - "F:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SOSUAUI] - C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [53144 2013-04-01] (Malwarebytes Secure Backup)
HKLM-x32\...\Run: [SMessaging] - C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [63896 2013-04-01] (Malwarebytes Secure Backup)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [63896 2013-04-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PayPen.lnk
ShortcutTarget: PayPen.lnk -> C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe (Anoto AB)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Tukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * 6)\* O\* OODons\* s\* OOeLOOOODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,start page = http://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tukan\AppData\Roaming\Mozilla\Firefox\Profiles\7c5q79bo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Tukan\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Extension: No Name - C:\Users\Tukan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Skype Toolbars) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Skype Click to Call) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Anti-Banner) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [596224 2013-06-28] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3294152 2013-01-07] (O&O Software GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-04] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-04] (Avira GmbH)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-12-30] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWow64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 pendfu; System32\Drivers\pendfu.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-07 22:14 - 2013-08-07 22:15 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-09 16:21 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 16:00 - 2013-08-07 16:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-21 22:46 - 2013-07-21 22:53 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:43 - 2013-07-22 00:06 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:39 - 2013-07-21 22:40 - 16437296 _____ (Systweak Inc.                                               ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC.                                               ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:38 - 2013-07-21 22:39 - 03756976 _____ (Systweak Inc                                                ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-21 22:22 - 2013-07-25 14:19 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-17 14:59 - 2013-07-17 15:02 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 13:26 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 13:26 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 13:26 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 13:26 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 13:26 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 13:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 13:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 13:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 13:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 13:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 13:07 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 13:07 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 13:07 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 16:57 - 2013-08-09 16:57 - 01790169 _____ (Farbar) C:\Users\Tukan\Desktop\FRST64.exe
2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-09 16:28 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 16:28 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 16:24 - 2011-06-22 17:43 - 01395767 _____ C:\Windows\WindowsUpdate.log
2013-08-09 16:22 - 2013-06-26 20:58 - 00000000 ___RD C:\Users\Tukan\Dropbox
2013-08-09 16:22 - 2013-06-26 20:55 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Dropbox
2013-08-09 16:22 - 2011-10-11 16:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-09 16:21 - 2013-08-07 17:24 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-09 16:21 - 2013-04-28 12:38 - 00086860 _____ C:\Windows\system32\oodbs.lor
2013-08-09 16:21 - 2012-12-23 17:08 - 00026644 _____ C:\Windows\setupact.log
2013-08-09 16:21 - 2011-06-22 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 16:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 14:13 - 2011-06-22 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 14:04 - 2012-04-20 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 11:47 - 2011-04-24 01:02 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-08-09 11:47 - 2011-04-24 01:02 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-08-09 11:47 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 23:56 - 2011-06-22 21:12 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\SoftGrid Client
2013-08-07 22:15 - 2013-08-07 22:14 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 21:46 - 2013-05-30 13:28 - 00000000 ____D C:\Users\Tukan\Documents\MAC_Dokumente
2013-08-07 19:59 - 2009-03-07 15:26 - 00000000 ____D C:\Users\Tukan\Documents\ADRV
2013-08-07 19:30 - 2011-06-22 17:51 - 00000000 ____D C:\Users\JPS
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:24 - 2012-12-23 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 17:05 - 2010-11-21 05:47 - 00314942 _____ C:\Windows\PFRO.log
2013-08-07 17:03 - 2013-04-28 13:48 - 00000000 ____D C:\Users\JPS\AppData\Roaming\File Scout
2013-08-07 16:01 - 2013-08-07 16:00 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 15:42 - 2011-07-07 11:22 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 13:03 - 2010-07-30 11:17 - 00000000 ____D C:\Users\Tukan\Documents\Reisen
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 15:25 - 2011-06-22 22:13 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Skype
2013-07-31 14:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-31 12:18 - 2011-06-22 20:57 - 00000000 ____D C:\Users\Tukan
2013-07-31 12:17 - 2012-12-20 14:09 - 00001748 _____ C:\Users\Tukan\Julia + Rohan Wadham.contact
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-29 23:13 - 2011-08-16 01:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\NCH Software
2013-07-29 20:49 - 2011-08-25 13:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-29 20:49 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-25 14:19 - 2013-07-21 22:22 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-22 00:06 - 2013-07-21 22:43 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:53 - 2013-07-21 22:46 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:44 - 2011-04-24 14:58 - 00000000 ___RD C:\Users\Public\Desktop\Medion MediaPack
2013-07-21 22:42 - 2011-07-18 15:08 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Apple Computer
2013-07-21 22:40 - 2013-07-21 22:39 - 16437296 _____ (Systweak Inc.                                               ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC.                                               ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:39 - 2013-07-21 22:38 - 03756976 _____ (Systweak Inc                                                ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:36 - 2011-07-07 11:48 - 00000000 ____D C:\Users\JPS\AppData\Local\Adobe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-19 12:18 - 2013-07-19 12:11 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-03-07 14:02 - 00000000 ____D C:\Users\JPS\AppData\Roaming\OpenCandy
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-18 19:26 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 17:36 - 2011-04-24 13:54 - 00045434 _____ C:\Windows\DPINST.LOG
2013-07-17 15:02 - 2013-07-17 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 14:48 - 2012-04-20 22:59 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 14:48 - 2011-07-12 00:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 21:40 - 2009-07-14 06:45 - 00481072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 21:39 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Kuranda · 09.08.2013

Code:

 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Tukan (ATTENTION: The logged in user is not administrator) on 09-08-2013 17:26:50
Running from C:\Users\Tukan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Drivers Headquarters) C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenDesk.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe
() C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenOCR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10361616 2011-02-11] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [4002248 2013-01-07] (O&O Software GmbH)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DIMUpdate wird heruntergeladen...1300677038394] - c:\programdata\corel\downloads\540214035_807001\1300677038394\dim_params.xml [1060 2011-07-01] ()
HKCU\...\Run: [DriverBoost] - C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3978096 2013-07-22] (PC Drivers Headquarters)
MountPoints2: {6d866fcb-2c0d-11e2-959d-00262dc79d5a} - F:\LaunchU3.exe -a
MountPoints2: {fbec8e90-6edd-11e2-8a97-00262dc79d5a} - "F:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SOSUAUI] - C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [53144 2013-04-01] (Malwarebytes Secure Backup)
HKLM-x32\...\Run: [SMessaging] - C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [63896 2013-04-01] (Malwarebytes Secure Backup)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [63896 2013-04-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PayPen.lnk
ShortcutTarget: PayPen.lnk -> C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe (Anoto AB)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Tukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * 6)\* O\* OODons\* s\* OOeLOOOODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,start page = http://www.aldi.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tukan\AppData\Roaming\Mozilla\Firefox\Profiles\7c5q79bo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Tukan\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Extension: No Name - C:\Users\Tukan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Skype Toolbars) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Skype Click to Call) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Anti-Banner) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [596224 2013-06-28] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3294152 2013-01-07] (O&O Software GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-04] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-04] (Avira GmbH)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-12-30] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWow64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 pendfu; System32\Drivers\pendfu.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-07 22:14 - 2013-08-07 22:15 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-09 16:21 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 16:00 - 2013-08-07 16:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-21 22:46 - 2013-07-21 22:53 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:43 - 2013-07-22 00:06 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:39 - 2013-07-21 22:40 - 16437296 _____ (Systweak Inc.                                               ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC.                                               ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:38 - 2013-07-21 22:39 - 03756976 _____ (Systweak Inc                                                ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-21 22:22 - 2013-07-25 14:19 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-17 14:59 - 2013-07-17 15:02 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 13:26 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 13:26 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 13:26 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 13:26 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 13:26 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 13:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 13:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 13:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 13:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 13:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 13:07 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 13:07 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 13:07 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

==================== One Month Modified Files and Folders =======

2013-08-09 17:13 - 2011-06-22 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 17:04 - 2012-04-20 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 17:00 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 17:00 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 16:57 - 2013-08-09 16:57 - 01790169 _____ (Farbar) C:\Users\Tukan\Desktop\FRST64.exe
2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-09 16:24 - 2011-06-22 17:43 - 01395767 _____ C:\Windows\WindowsUpdate.log
2013-08-09 16:22 - 2013-06-26 20:58 - 00000000 ___RD C:\Users\Tukan\Dropbox
2013-08-09 16:22 - 2013-06-26 20:55 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Dropbox
2013-08-09 16:22 - 2011-10-11 16:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-09 16:21 - 2013-08-07 17:24 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-09 16:21 - 2013-04-28 12:38 - 00086860 _____ C:\Windows\system32\oodbs.lor
2013-08-09 16:21 - 2012-12-23 17:08 - 00026644 _____ C:\Windows\setupact.log
2013-08-09 16:21 - 2011-06-22 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 16:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 11:47 - 2011-04-24 01:02 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-08-09 11:47 - 2011-04-24 01:02 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-08-09 11:47 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 23:56 - 2011-06-22 21:12 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\SoftGrid Client
2013-08-07 22:15 - 2013-08-07 22:14 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 21:46 - 2013-05-30 13:28 - 00000000 ____D C:\Users\Tukan\Documents\MAC_Dokumente
2013-08-07 19:59 - 2009-03-07 15:26 - 00000000 ____D C:\Users\Tukan\Documents\ADRV
2013-08-07 19:30 - 2011-06-22 17:51 - 00000000 ____D C:\Users\JPS
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:24 - 2012-12-23 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 17:05 - 2010-11-21 05:47 - 00314942 _____ C:\Windows\PFRO.log
2013-08-07 17:03 - 2013-04-28 13:48 - 00000000 ____D C:\Users\JPS\AppData\Roaming\File Scout
2013-08-07 16:01 - 2013-08-07 16:00 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 15:42 - 2011-07-07 11:22 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 13:03 - 2010-07-30 11:17 - 00000000 ____D C:\Users\Tukan\Documents\Reisen
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 15:25 - 2011-06-22 22:13 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Skype
2013-07-31 14:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-31 12:18 - 2011-06-22 20:57 - 00000000 ____D C:\Users\Tukan
2013-07-31 12:17 - 2012-12-20 14:09 - 00001748 _____ C:\Users\Tukan\Julia + Rohan Wadham.contact
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-29 23:13 - 2011-08-16 01:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\NCH Software
2013-07-29 20:49 - 2011-08-25 13:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-29 20:49 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-25 14:19 - 2013-07-21 22:22 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-22 00:06 - 2013-07-21 22:43 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:53 - 2013-07-21 22:46 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:44 - 2011-04-24 14:58 - 00000000 ___RD C:\Users\Public\Desktop\Medion MediaPack
2013-07-21 22:42 - 2011-07-18 15:08 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Apple Computer
2013-07-21 22:40 - 2013-07-21 22:39 - 16437296 _____ (Systweak Inc.                                               ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC.                                               ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:39 - 2013-07-21 22:38 - 03756976 _____ (Systweak Inc                                                ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:36 - 2011-07-07 11:48 - 00000000 ____D C:\Users\JPS\AppData\Local\Adobe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-19 12:18 - 2013-07-19 12:11 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-03-07 14:02 - 00000000 ____D C:\Users\JPS\AppData\Roaming\OpenCandy
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-18 19:26 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 17:36 - 2011-04-24 13:54 - 00045434 _____ C:\Windows\DPINST.LOG
2013-07-17 15:02 - 2013-07-17 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 14:48 - 2012-04-20 22:59 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 14:48 - 2011-07-12 00:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 21:40 - 2009-07-14 06:45 - 00481072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 21:39 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Kuranda · 09.08.2013

Guten Nachmittag Schrauber

Hier wäre also das Resultat des Scans:

Code:

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by Tukan at 2013-08-09 18:12:43
Running from C:\Users\Tukan\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Adobe AIR (x32 Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader 8.1.0 - Deutsch (x32 Version: 8.1.0)
Adobe Reader X (10.1.2) MUI (x32 Version: 10.1.2)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
ALDI Bestellsoftware 4.9 (x32 Version: 4.9)
ALDI SÜD Mah Jong (x32)
AMI VR-pulse OS Switcher (Version: 1.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39)
Audio Dedupe 2.5.0.1 (x32 Version: 2.5.0.1)
Awesome Duplicate Photo Finder v. 1.1 (x32)
Bonjour (Version: 3.0.0.10)
BrowserDefender (x32)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MG5200 series Benutzerregistrierung (x32)
Canon MG5200 series MP Drivers
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon MP Navigator EX 4.0 (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Canon Utilities Digital Photo Professional 3.10 (x32 Version: 3.10.2.0)
Canon Utilities EOS Sample Music (x32 Version: 1.0.0.204)
Canon Utilities EOS Utility (x32 Version: 2.10.2.0)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (x32 Version: 1.0.0.10)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities Picture Style Editor (x32 Version: 1.9.0.0)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
C-CHANNEL OnlineUpdate (x32)
CD-LabelPrint (x32)
CLX.PayPen - CLX.PayPen Wireless (x32 Version: 2.0.6.1)
CLX.PayPen (x32)
Complément Messenger (x32 Version: 15.4.3502.0922)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.0.686)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686)
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686)
CorelDRAW Essentials X5 - Common (x32 Version: 15.3)
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3)
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3)
CorelDRAW Essentials X5 - DE (x32 Version: 15.3)
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3)
CorelDRAW Essentials X5 - EN (x32 Version: 15.3)
CorelDRAW Essentials X5 - ES (x32 Version: 15.3)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0)
CorelDRAW Essentials X5 - Extra Content (x32)
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3)
CorelDRAW Essentials X5 - FR (x32 Version: 15.3)
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3)
CorelDRAW Essentials X5 - IT (x32 Version: 15.3)
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3)
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0)
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3)
CorelDRAW Essentials X5 - WT (x32 Version: 15.3)
CorelDRAW Essentials X5 (x32 Version: 15.2.0.686)
CorelDRAW Essentials X5 (x32 Version: 15.3)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink MediaEspresso (x32 Version: 6.5.1508_36229)
CyberLink MediaShow (x32 Version: 5.1.2414)
CyberLink PhotoNow (x32 Version: 1.1.0.6904)
CyberLink Power2Go (x32 Version: 7.0.0.1327)
CyberLink PowerDirector (x32 Version: 8.0.4020)
CyberLink PowerDVD 10 (x32 Version: 10.0.2731.02)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerProducer (x32 Version: 5.0.2.3503)
CyberLink YouCam (x32 Version: 3.1.4013)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
devolo dLAN Cockpit (x32 Version: 1.0)
dLAN Cockpit (x32 Version: 1.19.07)
Dolby Home Theater v4 (x32 Version: 7.2.7000.4)
dows-Treiberpaket - Anoto AB (PayPen) Input Pen  (09/28/2007 2.0.0.0) (Version: 09/28/2007 2.0.0.0)
DriverBoost (x32 Version: 8.1)
Dropbox (HKCU Version: 2.2.3)
Express Burn (HKCU)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Earth (x32 Version: 6.2.2.6613)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
ifolor Designer (x32 Version: 3.2.4.0)
Image Analyzer (x32)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2353)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.0.2.0518)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.0.3000)
Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008)
Intel(R) WiDi (x32 Version: 2.1.35.0)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0)
iTunes (Version: 11.0.4.4)
JPEG Lossless Rotator 8.0
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Launch Manager (x32 Version: 1.5.1.3)
MAGIX 3D Maker (embeded) (x32 Version: 6.0.0.8)
MAGIX Foto & Grafik Designer 7 (x32 Version: 7.1.2.17532)
MAGIX Fotos auf CD & DVD 10 Deluxe (x32 Version: 10.0.0.20)
MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D) (x32 Version: 9.0.0.18)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
MAGIX Speed burnR (x32 Version: 6.0.1.4)
MAGIX Xtreme Foto Designer 6 (x32 Version: 6.0.29.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Malwarebytes Secure Backup (x32 Version: 5.6.0.3556)
Medion Home Cinema (x32 Version: 8.0.2608)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Messenger kísérő (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Outlook 2010 (x32 Version: 14.0.7015.1000)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NETGEAR Genie (x32 Version: 2.2.27.1 )
O&O Defrag Professional (Version: 15.8.813)
PayPen (x32 Version: 1.5.0.0)
Photo Collage Maker 1.51 (x32)
PHOTOfunSTUDIO 6.1 HD Lite Edition (x32 Version: 6.01.015)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
QuickTime (x32 Version: 7.74.80.86)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6334)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7600.10010)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
ShiftN 3.6.1 (x32 Version: 3.6.1)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.6 (x32 Version: 6.6.106)
SnagIt 7 (x32 Version: 7.2)
Snap.Do (x32 Version: 1.8.1.10725)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922)
Spybot - Search & Destroy (x32 Version: 2.0.12)
Switch Audiodatei-Konverter (HKCU)
Synaptics Pointing Device Driver (Version: 15.1.12.0)
UBitMenuDE (x32 Version: 01.04)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Updater Service (x32 Version: 15,9,28,27)
UsbBoost (x32)
Versandhelfer (x32 Version: 0.9.511)
VLC media player 2.0.6 (x32 Version: 2.0.6)
VR-pulse Installer (Version: 1.4.0)
watchmi (x32 Version: 2.5.0)
WavePad Audiobearbeitungs-Software (HKCU)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD Security (x32 Version: 1.0.1.5)
WD SmartWare (Version: 1.6.2.6)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Windows-Treiberpaket - C Technologies AB (PayPen) Input Pen  (09/28/2007 2.0.0.0) (Version: 09/28/2007 2.0.0.0)
WOT for Internet Explorer (Version: 12.8.2.0)
X10 Hardware(TM) (x32)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-03-15 12:19 - 00000147 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\Online Backup Update Notifier.job => ?

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 04:21:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 11:41:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 11:39:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 11:30:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63951923

Error: (08/09/2013 11:30:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63951923

Error: (08/09/2013 11:30:42 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2013 11:30:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63950894

Error: (08/09/2013 11:30:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63950894

Error: (08/09/2013 11:30:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2013 11:30:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63949880


System errors:
=============
Error: (08/09/2013 04:21:45 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
FNETURPX

Error: (08/09/2013 11:41:32 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
FNETURPX

Error: (08/09/2013 11:39:19 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
FNETURPX

Error: (08/09/2013 11:39:12 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WD Backup" ist vom Dienst "WD Rules" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1053

Error: (08/09/2013 11:39:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "WD Rules" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/09/2013 11:39:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WD Rules erreicht.

Error: (08/09/2013 11:38:36 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (08/09/2013 11:38:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.

Error: (08/09/2013 11:36:25 AM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (08/08/2013 03:18:33 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office Sessions:
=========================
Error: (08/09/2013 04:21:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 11:41:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 11:39:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/09/2013 11:30:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63951923

Error: (08/09/2013 11:30:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63951923

Error: (08/09/2013 11:30:42 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2013 11:30:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63950894

Error: (08/09/2013 11:30:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63950894

Error: (08/09/2013 11:30:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/09/2013 11:30:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63949880


CodeIntegrity Errors:
===================================
  Date: 2013-08-09 16:21:01.451
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\FNETURPX.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-09 16:21:01.388
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\FNETURPX.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-09 11:40:49.657
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\FNETURPX.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-09 11:40:49.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\FNETURPX.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-09 11:37:53.750
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\FNETURPX.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-09 11:37:53.672
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\drivers\FNETURPX.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-08 10:35:22.367
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-08 10:35:22.366
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-08 10:35:22.364
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-08 10:35:22.352
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 59%
Total physical RAM: 4003.01 MB
Available physical RAM: 1625.29 MB
Total Pagefile: 8004.2 MB
Available Pagefile: 5090.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:172.11 GB) NTFS (Disk=0 Partition=2)
Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:16.01 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

==================== End Of Log ============================

schrauber · 11.08.2013

Hi,

sorry für die Verspätung, irgendwie hab ich keine Beanchrichtigung bekommen. Scans müssen immer mit Adminrechten gemacht werden, und vom Desktop aus.

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Andreas_S. · 11.08.2013

Hier die WOT Benutzerkommentare zu performersoft

performersoft.com | WOT Reputation Scorecard | WOT (Web of Trust)

Performersoft LLC - Installer erfordert Berechtigung

Kuranda

schrauber

Kuranda

Kuranda

Kuranda

Kuranda

schrauber

Andreas_S.

Performersoft LLC - Installer erfordert Berechtigung

ANGEBOTE & SPONSOREN

Neueste Themen

Statistik des Forums