Log analysis and evaluation: Firefox and Opera sporadically ask about certificates. Windows 7
28.03.2012, 23:26 | #1 |
Firefox and Opera sporadically ask about certificates.

Good evening, I have the following problem: my browsers Firefox and Opera claim that, e.g., google.de or msn.de use expired certificates and that I should set these websites as an "exception". Somehow this seems fishy to me and I suspect a trojan or something like that...

DDS log file:
Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30 Run by home at 0:02:07 on 2012-03-29 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8175.6072 [GMT 2:00] . AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService D:\Programme\Sandbox\SbieSvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\Hotspot 
Shield\bin\hsswd.exe C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\QipGuard\QipGuard.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe D:\Programme\Sandbox\SbieCtrl.exe C:\Program Files (x86)\BlueStacks\HD-Agent.exe C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\XFastUsb\XFastUsb.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet 
C:\Windows\system32\DllHost.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://de.ask.com/?l=dis&o=102869&gct=hp uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = 165.193.102.220:80 mSearchAssistant = uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll mWinlogon: Userinit=userinit.exe BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: QIPBHO Class: 
{95289393-33ea-4f8d-b952-483415b9c955} - C:\Users\home\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll uRun: [ASRockXTU] uRun: [zASRockInstantBoot] uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [PlayNC Launcher] uRun: [Google Update] "C:\Users\home\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Steam] "D:\Games\steam\steam.exe" -silent uRun: [SandboxieControl] "D:\Programme\Sandbox\SbieCtrl.exe" uRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe uRun: [ManyCam] "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [UpgradeHelper] C:\Users\home\AppData\Roaming\Google Inc.\{8A7C7B9B-4F7F-496B-9DED-50738844047D}\UpgradeHelper.exe uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe mRun: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup mRun: [Kone] "C:\Program Files (x86)\ROCCAT\Kone 
Mouse\KoneHID.EXE" mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [<NO NAME>] mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\home\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\home\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: An OneNote s&enden - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Nach Microsoft E&xcel exportieren - 
C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{1A0C9458-3D2D-4E9A-9736-CB81D5401609} : DhcpNameServer = 192.168.42.129 TCP: Interfaces\{90F4C2C9-B4FD-48C7-A423-54E4C6ABA4F2} : NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{913EE7C8-3A6A-42B9-9C7A-2A7FA74E7E64} : DhcpNameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{9D75991B-8956-47F1-A15E-C524CF14E564} : DhcpNameServer = 10.76.96.1 TCP: Interfaces\{B5D7555E-A199-42C5-BDF0-58AFB3A0118A} : DhcpNameServer = 192.168.178.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - 
C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL {000123B4-9B42-4900-B3F7-F4B073EFC214} {18DF081C-E8AD-4283-A596-FA578C2EBDC3} BHO-X64: {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No File {53707962-6F74-2D53-2644-206D7942484F} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {9030D464-4C02-4ABF-8ECC-5164760863C6} {95289393-33EA-4F8D-B952-483415B9C955} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {D4027C7F-154A-4066-A1AD-4243D8127440} {DBC80044-A445-435b-BC74-9C25C1C588A9} {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} {C55BBCD6-41AD-48AD-9953-3609C48EACC7} {D4027C7F-154A-4066-A1AD-4243D8127440} mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe mRun-x64: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup mRun-x64: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [(Standard)] mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files 
(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\waxx7txo.default\ FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll FF - plugin: C:\Users\home\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R1 AsrAppCharger;AsrAppCharger;C:\Windows\system32\DRIVERS\AsrAppCharger.sys --> C:\Windows\system32\DRIVERS\AsrAppCharger.sys [?] 
R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-6 136360] R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-6 269480] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2011-11-23 70496] R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376] R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-1-6 331608] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] 
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-3 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-28 652360] R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896] R2 QipGuard;QipGuard;C:\Program Files (x86)\QipGuard\QipGuard.exe [2011-12-31 191440] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-28 1153368] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] 
R3 SbieDrv;SbieDrv;D:\Programme\Sandbox\SbieDrv.sys [2011-10-12 157824] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2011-11-23 110944] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-14 136176] S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-3-10 2430128] S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800] S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-6-3 130976] S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-14 136176] S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?] S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?] S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?] 
S3 KoneFltr;ROCCAT Kone;C:\Windows\system32\drivers\Kone.sys --> C:\Windows\system32\drivers\Kone.sys [?] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft-Netzwerkinspektion;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] . =============== Created Last 30 ================ . 
2012-03-28 20:45:22 -------- d-----w- C:\Users\home\AppData\Roaming\Malwarebytes 2012-03-28 20:45:17 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-28 20:45:17 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-28 20:45:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-28 20:02:37 -------- d-----w- C:\Users\home\AppData\Roaming\Windows Desktop Search 2012-03-28 20:02:15 -------- d-----w- C:\Users\home\AppData\Roaming\Google Inc 2012-03-28 19:59:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-03-28 19:59:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-03-28 19:47:59 -------- d-----w- C:\Users\home\AppData\Local\{29B6CC2E-446E-4CB9-A748-B3DB33A7FD46} 2012-03-28 19:42:59 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A86865C0-AC2E-4D03-B04F-6E5BA96EB538}\mpengine.dll 2012-03-28 19:37:35 -------- d-----w- C:\Windows\PCHEALTH 2012-03-27 11:44:12 -------- d-----w- C:\Users\home\AppData\Local\{66A321F4-9294-4344-9856-F458966ADEEB} 2012-03-27 11:44:02 -------- d-----w- C:\Users\home\AppData\Local\{135B37AC-8F62-4B97-843A-37BD47756E94} 2012-03-26 12:52:22 -------- d-----w- C:\Users\home\AppData\Local\{9B0351EA-4806-450C-90C5-48ADAB046C62} 2012-03-26 12:52:02 -------- d-----w- C:\Users\home\AppData\Local\{69091EFF-1A36-4BD2-8CA2-B49FA083652A} 2012-03-25 12:53:16 -------- d-----w- C:\Users\home\AppData\Local\{8EF5A100-3EDF-4807-9200-1FEA8AA0059F} 2012-03-25 12:52:55 -------- d-----w- C:\Users\home\AppData\Local\{4702BFD1-E542-4F96-BFDF-132BDB6D48C9} 2012-03-25 00:52:32 -------- d-----w- C:\Users\home\AppData\Local\{3202B326-202A-4C56-B096-F6CEB5D0118F} 2012-03-25 00:52:11 -------- d-----w- C:\Users\home\AppData\Local\{BB8F8D57-D9B9-4CE9-B045-5024BAB73026} 2012-03-24 12:52:00 -------- d-----w- C:\Users\home\AppData\Local\{E437A1DE-4783-4611-B2A6-40666377F3A2} 2012-03-24 12:51:50 -------- d-----w- 
C:\Users\home\AppData\Local\{02BF254E-D006-401D-8394-028245F4D841} 2012-03-23 19:30:52 -------- d-----w- C:\Users\home\AppData\Local\{A06A8D4E-3B3C-4913-B298-919EEC217034} 2012-03-23 19:30:31 -------- d-----w- C:\Users\home\AppData\Local\{601AC868-F77A-4F14-AA2E-25733027956E} 2012-03-23 07:30:08 -------- d-----w- C:\Users\home\AppData\Local\{4BE428F8-B146-4AFA-AFCE-20689299D756} 2012-03-23 07:29:58 -------- d-----w- C:\Users\home\AppData\Local\{6E2A1FC6-654F-469F-A51D-6BC970AAD202} 2012-03-22 14:16:04 -------- d-----w- C:\Users\home\AppData\Local\{5BA6ABD3-8495-4A9A-BDAC-008868CDDC32} 2012-03-22 14:15:54 -------- d-----w- C:\Users\home\AppData\Local\{954B1ACC-3AA8-4F0B-9D92-AE207A772AE4} 2012-03-22 00:18:52 -------- d-----w- C:\Users\home\AppData\Local\{391E8281-38A9-4FCC-B572-2A5ED0CF91FD} 2012-03-22 00:18:30 -------- d-----w- C:\Users\home\AppData\Local\{6B471BB8-1DAF-43EE-9780-5CB49B45BFF6} 2012-03-21 12:18:07 -------- d-----w- C:\Users\home\AppData\Local\{13E7607E-446E-42CA-8E7C-57A0B5FE39A1} 2012-03-21 12:17:58 -------- d-----w- C:\Users\home\AppData\Local\{6FAA7E6E-7BCB-4500-9C5B-960841BB2188} 2012-03-20 23:28:12 -------- d-----w- C:\Users\home\AppData\Local\{66A02FDA-FE8D-43CD-AC97-5989D60060D1} 2012-03-20 23:28:03 -------- d-----w- C:\Users\home\AppData\Local\{D513AE2E-FE59-4F75-A3CB-F51C09123706} 2012-03-20 23:27:53 -------- d-----w- C:\Users\home\AppData\Local\{7D4E264C-0D63-43CA-8303-10CE57B4116C} 2012-03-20 23:27:32 -------- d-----w- C:\Users\home\AppData\Local\{F162FE52-4FCD-40D4-81B7-519B5FCBA17D} 2012-03-20 21:12:20 -------- d-----w- C:\ProgramData\AMD 2012-03-20 21:12:20 -------- d-----w- C:\Program Files (x86)\AMD AVT 2012-03-20 21:12:19 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-03-20 18:17:36 -------- d-----w- C:\Users\home\AppData\Roaming\Utnom 2012-03-20 18:17:36 -------- d-----w- C:\Users\home\AppData\Roaming\Oziwow 2012-03-20 11:27:21 -------- d-----w- C:\Users\home\AppData\Local\{15A583FB-396D-4252-878C-8CB7AA5B5554} 2012-03-20 
11:27:12 -------- d-----w- C:\Users\home\AppData\Local\{7C0B29C5-48B5-45AB-998E-3027697B48D5} 2012-03-19 14:18:34 -------- d-----w- C:\Users\home\AppData\Local\{9DCF564C-2F21-4656-9BF0-6CE1A9205402} 2012-03-19 14:18:24 -------- d-----w- C:\Users\home\AppData\Local\{5F5A1626-6077-46DC-BC7B-415480CFF8C6} 2012-03-18 16:16:13 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll 2012-03-18 13:27:02 -------- d-----w- C:\Users\home\AppData\Roaming\DiskAid 2012-03-18 13:26:59 -------- d-----w- C:\Program Files (x86)\DigiDNA 2012-03-18 12:20:01 -------- d-----w- C:\Users\home\AppData\Local\{D1A13F73-7676-47FC-91DD-3378F9104ABF} 2012-03-18 12:19:51 -------- d-----w- C:\Users\home\AppData\Local\{63264308-11F1-48F5-826E-3D4AA01723F7} 2012-03-17 23:49:30 -------- d-----w- C:\Users\home\AppData\Local\{77D583BA-88F3-4877-922B-34C911C47460} 2012-03-17 23:49:09 -------- d-----w- C:\Users\home\AppData\Local\{50021A01-1DA6-49C3-BA88-C01EFBEF47FC} 2012-03-17 11:48:46 -------- d-----w- C:\Users\home\AppData\Local\{88455C9E-2315-463C-9E43-8F64516580B2} 2012-03-17 11:48:36 -------- d-----w- C:\Users\home\AppData\Local\{40D4E908-D0B3-4AD8-B104-A8127F3FFC10} 2012-03-17 00:08:28 -------- d-----w- C:\Users\home\AppData\Local\Opera 2012-03-16 22:25:27 -------- d-----w- C:\Users\home\AppData\Local\{7C686F56-F52F-40DD-B7DE-390100917C91} 2012-03-16 10:25:07 -------- d-----w- C:\Users\home\AppData\Local\{162EDD12-D5A6-442C-82C5-D5A4BC1FF5D4} 2012-03-16 10:24:46 -------- d-----w- C:\Users\home\AppData\Local\{2E34D632-6AA6-4BFB-AFFE-08533D30459C} 2012-03-15 22:24:23 -------- d-----w- C:\Users\home\AppData\Local\{BF70611E-F3AF-4FA4-960C-BCC5CE09C2B1} 2012-03-15 22:24:02 -------- d-----w- C:\Users\home\AppData\Local\{7070CC9B-1C9D-4657-BD1D-D752AADFC666} 2012-03-15 06:36:27 -------- d-----w- C:\Users\home\AppData\Local\{59EA3644-A31A-4060-A0EB-5A6A390DCB78} 2012-03-15 06:36:17 -------- d-----w- C:\Users\home\AppData\Local\{34DB2B28-6BB7-4B72-9170-F9D40094DB19} 2012-03-14 14:19:43 
5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-14 14:19:42 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-14 14:19:42 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-14 12:15:19 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-14 12:15:19 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-14 12:15:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-14 12:14:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-14 12:14:47 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-14 12:14:47 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-14 12:14:47 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-14 12:14:47 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-14 12:14:47 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-14 12:14:47 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll 2012-03-14 12:14:47 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-14 12:11:42 -------- d-----w- C:\Users\home\AppData\Local\{B8A76CD8-A0A0-44C1-8B0E-75785E6F4BC7} 2012-03-14 12:11:32 -------- d-----w- C:\Users\home\AppData\Local\{CD737A61-0ED8-4454-9513-CAF8AEBD771A} 2012-03-13 14:16:04 -------- d-----w- C:\Users\home\AppData\Local\{A6BE3885-B184-4F2B-9783-7CD5C6F7324F} 2012-03-13 14:15:43 -------- d-----w- C:\Users\home\AppData\Local\{30E417FB-E04D-46FC-A80E-EE0F8FD83089} 2012-03-12 14:29:25 -------- d-----w- C:\Users\home\AppData\Local\{707557CE-1D76-4281-8F95-84D1B3E88211} 2012-03-12 14:29:15 -------- d-----w- C:\Users\home\AppData\Local\{C8F39CD8-8DC5-41DC-9342-FE9329B67677} 2012-03-11 23:03:02 -------- d-----w- C:\Users\home\AppData\Local\{761E705B-7567-4A37-B19A-97ED7F9A5C28} 2012-03-11 23:02:44 -------- d-----w- C:\Users\home\AppData\Local\{989B11A3-20E0-45AE-A5B6-8C23C8402ECF} 2012-03-11 19:36:38 -------- d-----w- C:\Program Files (x86)\pidgin-otr 2012-03-11 11:02:21 -------- d-----w- C:\Users\home\AppData\Local\{D4125962-6B10-49E8-A900-3246D062AC90} 2012-03-11 11:02:11 
-------- d-----w- C:\Users\home\AppData\Local\{92E8654E-1BDC-4543-93D5-DBE3D3356E36} 2012-03-10 15:21:42 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys 2012-03-10 15:21:41 -------- d-----w- C:\Program Files\CyberGhost VPN 2012-03-10 15:07:13 -------- d-----w- C:\Users\home\AppData\Local\{0B661169-FFF5-4D93-92A4-D2DA2BDA2EC5} 2012-03-10 15:07:03 -------- d-----w- C:\Users\home\AppData\Local\{7D3576A6-1FE5-49CE-8B09-010ADFAF8DCC} 2012-03-09 19:13:18 -------- d-----w- C:\Users\home\AppData\Local\{6B30A435-92CF-4D6F-9608-66D7CFFF903E} 2012-03-09 19:13:08 -------- d-----w- C:\Users\home\AppData\Local\{ED1CA00E-E10A-448A-B1F7-4B2416019DA2} 2012-03-09 19:12:59 -------- d-----w- C:\Users\home\AppData\Local\{5DD296A5-296D-4123-AF39-000F7429646D} 2012-03-09 19:12:38 -------- d-----w- C:\Users\home\AppData\Local\{C2CF58C8-27F7-4CB9-9A12-787E9BCF3CEF} 2012-03-09 07:12:15 -------- d-----w- C:\Users\home\AppData\Local\{2E4AF11A-62CA-4ED4-9D6B-C0BAD1F95617} 2012-03-09 07:12:05 -------- d-----w- C:\Users\home\AppData\Local\{F83A6ECC-2B95-4023-8789-F09A47EFD9A6} 2012-03-08 23:22:27 -------- d-----w- C:\Program Files\iPod 2012-03-08 23:22:26 -------- d-----w- C:\Program Files\iTunes 2012-03-08 23:22:26 -------- d-----w- C:\Program Files (x86)\iTunes 2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2012-03-08 14:12:28 -------- d-----w- C:\Users\home\AppData\Local\{80DCD778-ABC2-49A3-B017-145C1A42A38C} 2012-03-08 14:12:17 -------- d-----w- C:\Users\home\AppData\Local\{25530F9D-296A-406E-B178-517F6A050461} 2012-03-08 00:20:47 -------- d-----w- C:\Users\home\AppData\Local\{759858BE-0F23-4177-9275-31EA247ABB89} 2012-03-08 00:20:36 -------- d-----w- C:\Users\home\AppData\Local\{94E16D21-746F-4141-BE9F-D1684CD9DFAD} 2012-03-07 20:00:03 -------- d-----w- C:\ProgramData\CCP 2012-03-07 19:34:45 -------- d-----w- C:\Users\home\AppData\Local\CCP 2012-03-07 16:24:21 -------- d-----w- C:\Program Files (x86)\Gameforge 2012-03-07 12:20:13 -------- d-----w- 
C:\Users\home\AppData\Local\{65B9FFCC-7A23-4A6A-9BF0-4F7F6D7C3A2A} 2012-03-07 12:20:03 -------- d-----w- C:\Users\home\AppData\Local\{3F00E095-3778-4006-9879-D724640BA657} 2012-03-06 12:08:30 -------- d-----w- C:\Users\home\AppData\Local\{436C021F-0A39-4D71-9F35-3627ECBB8579} 2012-03-06 12:08:21 -------- d-----w- C:\Users\home\AppData\Local\{EB910320-6915-46A4-9604-9450EC5BA0E6} 2012-03-05 20:10:33 -------- d-----w- C:\Users\home\AppData\Local\{50BFCB9F-DDB8-4EC0-8F65-1743F3FA140B} 2012-03-05 20:10:12 -------- d-----w- C:\Users\home\AppData\Local\{B4486BD4-5B9B-4AAD-82CA-9328A5CB62FC} 2012-03-05 07:40:39 -------- d-----w- C:\Users\home\AppData\Local\{A385F8C3-5CF8-4128-B24A-B8B479AECE83} 2012-03-05 07:40:27 -------- d-----w- C:\Users\home\AppData\Local\{EE937100-30E8-458B-A2F7-95A2BD7D32EF} 2012-03-04 15:03:54 -------- d-----w- C:\Users\home\AppData\Local\{85E7CDA6-21D4-4599-8F54-E9A4823A2138} 2012-03-04 15:03:32 -------- d-----w- C:\Users\home\AppData\Local\{7ED35182-B29F-4DB2-A011-77786B1178F5} 2012-03-04 03:03:09 -------- d-----w- C:\Users\home\AppData\Local\{E51263A9-3BA1-48CF-AED6-12777C1DF0C6} 2012-03-04 03:02:51 -------- d-----w- C:\Users\home\AppData\Local\{4278B73A-C077-4937-AE64-C7C2CB3B2097} 2012-03-03 14:57:24 -------- d-----w- C:\Users\home\AppData\Local\{EBF0C8BD-A17E-4263-BC06-B221FDE47339} 2012-03-03 14:57:14 -------- d-----w- C:\Users\home\AppData\Local\{A6CCD878-1F8F-45D0-B6D1-3FE889E59A83} 2012-03-03 14:48:00 -------- d-----w- C:\Users\home\AppData\Local\{1B1938D1-FAF0-4141-BB15-3EB00F815E53} 2012-03-02 19:20:39 -------- d-----w- C:\Users\home\AppData\Local\{782CA924-7697-468A-86AB-D3F76D0C33C9} 2012-03-02 19:20:18 -------- d-----w- C:\Users\home\AppData\Local\{61A677DA-34B0-45E7-8D0C-376FFF31511E} 2012-03-02 07:19:55 -------- d-----w- C:\Users\home\AppData\Local\{4B456DD9-A384-4788-AE3D-849415CF2D43} 2012-03-02 07:19:45 -------- d-----w- C:\Users\home\AppData\Local\{3FB905BE-52B3-4395-86E2-F10F5D8555CF} 2012-03-01 14:08:45 -------- d-----w- 
C:\Users\home\AppData\Local\{1D14BAE5-12A4-42C2-B700-EB12810F5ECA} 2012-03-01 14:08:35 -------- d-----w- C:\Users\home\AppData\Local\{0C29C5E4-970E-4F93-8D28-16BB56AC16EA} 2012-03-01 00:37:29 -------- d-----w- C:\Users\home\AppData\Local\{6EE30619-C092-489D-A6D6-DF9A867B14AD} 2012-03-01 00:37:19 -------- d-----w- C:\Users\home\AppData\Local\{13781590-5AC5-4BE0-922C-F48C76AF234D} 2012-02-29 19:31:29 -------- d-----w- C:\Program Files (x86)\Ask.com 2012-02-29 19:31:25 -------- d-----w- C:\Users\home\AppData\Local\ManyCam 2012-02-29 19:05:44 -------- d-----w- C:\Program Files\ThinkBuzan 2012-02-29 18:59:17 -------- d-----w- C:\Users\home\.thinkbuzan 2012-02-29 18:59:11 -------- d-----w- C:\ProgramData\ThinkBuzan 2012-02-29 18:59:11 -------- d-----w- C:\ProgramData\JSoft 2012-02-29 18:51:47 -------- d-----w- C:\Program Files (x86)\ThinkBuzan 2012-02-29 12:19:48 -------- d-----w- C:\Users\home\AppData\Local\{A2024235-0825-4A0C-B816-20233D41BEB9} 2012-02-29 12:19:38 -------- d-----w- C:\Users\home\AppData\Local\{A2DA9F80-77EC-4CCB-9B34-66B81B97608F} 2012-02-28 14:25:39 -------- d-----w- C:\Users\home\AppData\Local\{ECACFA59-0C0F-4DA6-B258-3B5E0090CCC7} 2012-02-28 14:25:30 -------- d-----w- C:\Users\home\AppData\Local\{E4B2D56D-5F49-474D-888B-C61B4A20C0B1} . ==================== Find3M ==================== . 
2012-03-03 23:18:52 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-03-03 23:18:52 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-03-03 23:14:56 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-03-02 18:51:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll 2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll 2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe 2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll 2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-02-15 02:34:36 5954048 
----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll 2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll 2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll 2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-02-14 21:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-02-14 21:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-02-14 21:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-02-14 21:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-02-14 21:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll 2012-02-14 21:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-02-14 
21:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll 2012-02-14 21:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-31 05:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll 2012-01-31 05:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll 2012-01-05 01:40:23 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl 2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll . ============= FINISH: 0:02:19,55 =============== |
29.03.2012, 08:33 | #2 | ||
/// Helper Team | Firefox and Opera sporadically ask for certificates. Hello and a warm welcome!
Before we begin working together, [please read completely]: Quote:
For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Download Malwarebytes Anti-Malware from → malwarebytes.org
2. System scan with OTL: Please download OTL by OldTimer and save it to your desktop
3. To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:
Quote:
** If possible, do not go online: no online banking, file sharing, chat programs, etc. Regards, kira
__________________ |