Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Browser & Antivirenprogramme stürzen ständig ab nach Virenfund

Browser & Antivirenprogramme stürzen ständig ab nach Virenfund


Log-Analyse und Auswertung: Browser & Antivirenprogramme stürzen ständig ab nach Virenfund

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 08.06.2012, 19:18   #1
myspam69
 
Browser & Antivirenprogramme stürzen ständig ab nach Virenfund - Standard

Browser & Antivirenprogramme stürzen ständig ab nach Virenfund


Hallo zusammen,

auch hier ein kleines Problem ... aber der Reihe nach:

Wie alles anfing:
  • Auto-Protect von Norton Antivirus 2012 stürzt immer ab (Fehler 3035,6), Reparatur von Auto-Protect schlägt fehl.
  • Gleichzeitig stürzen Firefox und Chrome ab beim Versuch, diese zu starten
  • De-install von NAV (mit Norton Removal Tool) und Neuinstallation bei Norton führt erst zur Besserung. Dann wieder dieselben Symptome wie oben beschrieben.
  • Erneutes de-install von NAV (wieder mit Norton Removal Tool) OHNE Neuinstallation von NAV löst das Problem mit den Browsern
  • Dann Installation von Avira: Zunächst scheint alles zu funktionieren, dann stürzen Avira-Dienste ab, Update geht nicht und auch die Browser (FF12 / Chrome 19) stürzen wieder ab (IE 9 geht).
  • De-installation von Avira und nach Neustart Installation von Avast. Wieder Probleme mit Antivirus und den Browsern (FF12/GC19)
  • De-install aller Antivirenprogramme führt dazu, daß die Browser wieder laufen.
  • Installation von Malwarebytes Anti-Malware deutet auf einige Funde hin. Werden unter Quarantäne gestellt. Neuer Scan führt zu keinen neuen Ergebnissen.
  • Danach wieder Installation von Norton Antivirus 2012: Probleme beim Update, FF12 stürzt ab ...
  • Damit ich den PC nutzen kann, habe ich jetzt erstmal alle Antivirenprogramme deinstalliert. Einzig Malwarebytes ist noch drauf. Aber das ist ja wohl auch kein Zustand.

Ähnliches habe ich in den Foren schon gelesen - aber bevor ich jetzt die diversen beschriebenen Tools selbst anwende und mir das System vollständig zerschieße ... vielleicht könnt ihr mir weiterhelfen!

Danke schon jetzt!

Grüße,
Myspam69

-------------------- LOGFILES---------------------------------------

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
FH :: FH-PC [Administrator]

Schutz: Aktiviert

27.04.2012 20:32:53
mbam-log-2012-04-27 (20-32-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202624
Laufzeit: 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCU\SOFTWARE\JRMX9X1GML (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL.TXT

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 08.06.2012 20:26:30 - Run 5
OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\FH\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 74,61% Memory free
16,00 Gb Paging File | 13,94 Gb Available in Paging File | 87,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 62,77 Gb Free Space | 42,88% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 300,10 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
Drive Z: | 97,66 Gb Total Space | 39,94 Gb Free Space | 40,90% Space Free | Partition Type: NTFS
 
Computer Name: FH-PC | User Name: FH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.08 19:48:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\FH\Downloads\OTL.exe
PRC - [2012.06.08 19:48:09 | 000,050,477 | ---- | M] () -- C:\Users\FH\Downloads\Defogger.exe
PRC - [2012.06.06 21:15:27 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\FH\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.01.10 16:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.09.23 01:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2009.04.10 10:33:16 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.04.10 10:32:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.08 19:48:09 | 000,050,477 | ---- | M] () -- C:\Users\FH\Downloads\Defogger.exe
MOD - [2012.06.06 21:15:27 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.09.23 01:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2010.09.23 01:25:04 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-ger.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.10 12:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011.04.20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.04 20:53:34 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.05.09 18:42:29 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.07.05 02:33:00 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.09.23 01:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.10 10:32:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.04.10 12:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.11 21:03:38 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.07.05 02:33:02 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\2DB9.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011.04.20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.04.20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2010.12.14 05:54:12 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.11 08:37:32 | 000,408,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.09.22 21:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.06.16 22:33:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 10:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.10 10:23:56 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2007.06.25 05:37:14 | 000,108,032 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 9F 0D 3D 98 D0 C9 01  [binary data]
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\bluejeans.com/bjnplugin: C:\Users\FH\AppData\Roaming\bluejeans\bjnplugin\1.0.0.220\npbjnplugin_1.0.0.220.dll (bluejeans)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009.11.05 22:36:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 21:15:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.28 21:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Extensions
[2012.06.03 10:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Firefox\Profiles\ax7ky0ja.default\extensions
[2012.05.24 20:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Firefox\Profiles\i7ll0yj0.default\extensions
[2012.06.06 21:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.28 22:03:07 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\FH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AX7KY0JA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.03 10:32:27 | 000,185,022 | ---- | M] () (No name found) -- C:\USERS\FH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AX7KY0JA.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012.06.06 21:15:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.06 21:15:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.06 21:15:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.06 21:15:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.06 21:15:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.06 21:15:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.06 21:15:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\FH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.06.04 21:11:10 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\FH\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21D71C66-535B-4CB0-A3DD-134E02477C89}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DAC882A-A34A-42D2-A89A-94D5B3266E0F}: DhcpNameServer = 10.48.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC72F0FF-9D9B-46DF-B805-5FC6E603247A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.23 07:58:44 | 000,000,019 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.07 21:08:20 | 000,000,000 | ---D | C] -- C:\Users\FH\Doctor Web
[2012.06.06 21:55:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.06 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\bluejeans
[2012.06.04 22:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012.06.04 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\FH\DoctorWeb
[2012.06.04 19:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.06.04 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.06.03 20:40:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 20:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.28 21:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.05.19 21:00:57 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.08 19:48:52 | 000,000,000 | ---- | M] () -- C:\Users\FH\defogger_reenable
[2012.06.08 19:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.08 19:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000UA.job
[2012.06.08 19:24:53 | 001,622,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.08 19:24:53 | 000,698,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.08 19:24:53 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.08 19:24:53 | 000,148,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.08 19:24:53 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.08 18:05:46 | 004,512,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.08 18:05:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.08 18:05:27 | 2146,291,711 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.07 17:54:23 | 000,015,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 17:54:23 | 000,015,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.07 17:41:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000Core.job
[2012.06.05 19:11:12 | 000,000,185 | ---- | M] () -- C:\Users\FH\Desktop\DrWeb.csv
[2012.06.04 22:36:25 | 000,002,103 | ---- | M] () -- C:\Users\FH\Desktop\HijackThis.lnk
[2012.06.04 21:11:10 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.03 20:47:23 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.03 20:40:41 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 18:30:50 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.30 18:26:33 | 000,002,306 | ---- | M] () -- C:\Users\FH\Desktop\Google Chrome.lnk
[2012.05.29 21:47:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2012.05.28 21:52:02 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.28 21:39:47 | 001,854,885 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301000.01C\Cat.DB
[2012.05.17 12:04:26 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301000.01C\VT20120410.035
[2012.05.13 10:55:47 | 000,093,020 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symtdiv.sys.ptx
[2012.05.13 10:55:46 | 000,001,051 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnetv64.cat.ptx
[2012.05.13 10:55:46 | 000,000,218 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnetv.inf.ptx
[2012.05.13 10:55:45 | 000,098,554 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnets.sys.ptx
[2012.05.13 10:55:44 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.sys.ptx
[2012.05.13 10:55:44 | 000,002,428 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet64.cat.ptx
[2012.05.13 10:55:44 | 000,000,218 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet.inf.ptx
[2012.05.13 10:55:38 | 000,004,084 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.cat.ptx
[2012.05.13 10:55:38 | 000,001,969 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.sys.ptx
[2012.05.13 10:55:38 | 000,000,295 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa.inf.ptx
[2012.05.13 10:55:37 | 000,267,375 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.sys.ptx
[2012.05.13 10:55:37 | 000,006,310 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.cat.ptx
[2012.05.13 10:55:37 | 000,000,263 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.inf.ptx
[2012.05.13 10:55:34 | 000,000,263 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.inf.ptx
[2012.05.13 10:55:33 | 000,023,997 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ironx64.sys.ptx
[2012.05.13 10:55:33 | 000,020,971 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.sys.ptx
[2012.05.13 10:55:33 | 000,005,138 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.cat.ptx
[2012.05.13 10:55:33 | 000,002,554 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.cat.ptx
[2012.05.13 10:55:33 | 000,000,224 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.inf.ptx
[2012.05.13 10:55:32 | 000,002,542 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.cat.ptx
[2012.05.13 10:55:32 | 000,000,268 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.inf.ptx
[2012.05.13 09:47:36 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\isolate.ini
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.08 19:48:52 | 000,000,000 | ---- | C] () -- C:\Users\FH\defogger_reenable
[2012.06.08 18:05:29 | 004,512,144 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.05 19:11:12 | 000,000,185 | ---- | C] () -- C:\Users\FH\Desktop\DrWeb.csv
[2012.06.04 22:36:25 | 000,002,103 | ---- | C] () -- C:\Users\FH\Desktop\HijackThis.lnk
[2012.06.03 20:40:41 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 18:26:33 | 000,002,306 | ---- | C] () -- C:\Users\FH\Desktop\Google Chrome.lnk
[2012.05.28 21:52:02 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.28 21:52:02 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.19 20:15:34 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.04.11 20:40:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Commands
[2012.04.11 20:40:26 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\ColorTable
[2012.04.11 20:39:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Common
[2012.04.11 20:39:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Command Line Utility
[2012.04.10 19:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.01 21:44:04 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2011.09.22 18:31:04 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.09.03 20:44:01 | 000,002,112 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.08.26 10:21:39 | 001,648,266 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.29 20:27:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Halftone
[2011.03.17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.12 10:49:52 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.10.24 18:22:21 | 000,001,940 | ---- | C] () -- C:\Users\FH\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.08.19 18:27:36 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\ColorSync
[2010.08.19 18:27:36 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\Colors
[2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.06.25 21:06:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.01.07 21:15:24 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AllDup
[2011.01.14 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Amazon
[2009.11.05 22:40:51 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Anthropics
[2009.11.15 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AVM
[2012.06.06 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\bluejeans
[2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\BOM
[2010.12.21 20:58:42 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Buhl Data Service
[2010.04.27 20:40:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Canneverbe Limited
[2012.05.28 10:14:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Dropbox
[2010.08.17 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\DxO Labs
[2010.01.14 19:54:37 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\FRITZ!
[2011.11.15 23:49:25 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Garmin
[2011.09.02 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\gtk-2.0
[2010.05.26 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\HDRsoft
[2009.11.05 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\ImgBurn
[2012.04.29 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\IrfanView
[2010.12.10 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Leadertech
[2011.10.03 20:08:52 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MAGIX
[2009.11.05 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MiK
[2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Mp3tag
[2011.12.11 12:02:39 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MusicBee
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nik Software
[2010.08.20 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nikon
[2011.05.26 20:20:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\OfficeRecovery
[2010.08.17 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PACE Anti-Piracy
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PanoramaStudio
[2011.09.10 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\QuickScan
[2011.07.19 19:46:29 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.09.12 19:03:57 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\STRATO
[2012.05.09 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TeamViewer
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Tracker Software
[2012.01.14 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TrueCrypt
[2012.02.21 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\uTorrent
[2012.06.07 11:26:51 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ck9qpEKUMFdL4haXexlDj
@Alternate Data Stream - 1118 bytes -> C:\Program Files (x86)\Common Files\System:nwi1Gl8XuWH80eHoCayQDbwxI6G12R
@Alternate Data Stream - 1018 bytes -> C:\ProgramData\Microsoft:OimpulZPjuzt1pwO0p7Retjpbr

< End of report >
--- --- ---


OTL.EXTRAS

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.06.2012 20:26:30 - Run 5
OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\FH\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 74,61% Memory free
16,00 Gb Paging File | 13,94 Gb Available in Paging File | 87,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 62,77 Gb Free Space | 42,88% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 300,10 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
Drive Z: | 97,66 Gb Total Space | 39,94 Gb Free Space | 40,90% Space Free | Partition Type: NTFS
 
Computer Name: FH-PC | User Name: FH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{925B737D-C00C-4447-9199-19426BEA6390}" = rport=25652 | protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{C290E958-D54E-4BCF-B7BF-2016A955B471}" = rport=25652 | protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{C52D31D4-F1A3-4D53-893F-F11B5A010041}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{DBD96B19-E067-486F-9492-8CBBAEC16AFD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{107D3D17-E624-4138-A754-83B63E4294EA}" = dir=out | app=%programfiles% (x86)\nikon\capture nx 2\capture nx 2.exe | 
"{115489E2-803C-4BED-B3F1-825341EADE2F}" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe | 
"{1606367E-E773-4835-95C6-DC51E76E3A53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{1E53C63F-C9D0-471B-9F47-CE48B6F3474B}" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\temp\7zsb6fc.tmp\symnrt.exe | 
"{2DB75C95-727D-4861-810D-94106551659A}" = protocol=17 | dir=in | app=c:\users\fh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4CA2A7DA-EBD5-453C-9D2D-F64C95C36074}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5114D7DA-4E5C-4C76-8C12-811330526D3D}" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\temp\7zsb6fc.tmp\symnrt.exe | 
"{53356469-E88B-4DE4-A032-2D1440F00E0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{57904181-C9C5-4F12-BE91-8EF4EFBCA946}" = dir=out | app=%programfiles% (x86)\ultraiso\drivers\isocmd.exe | 
"{715C3A0B-C856-4749-8852-9F08D77D8C7E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{7194C49F-7EBD-4CDA-97FB-0C004A5C1C5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7EDBA861-414E-4361-8AFF-16EA4686B83B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7F13236E-400E-460A-ACA3-B356F9957F56}" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe | 
"{8180C875-2799-45DB-BA41-368FC8C5CF07}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{A8619E62-E98E-452C-8F12-46622FFB4314}" = dir=out | app=%programfiles% (x86)\ultraiso\ultraiso.exe | 
"{B0FDAAF3-3B2D-43DF-A50D-0D2337DA228D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B20A7145-1D7C-4B1A-9AA5-D1EAAC778ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{B3EC49B2-1A0C-4911-A9C8-062BC73A16E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B53CFCC7-7B4E-452F-BF8B-696E830A1F3C}" = protocol=6 | dir=in | app=c:\users\fh\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BFD3128B-B939-4AF1-BFE4-D1303B360141}" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\temp\7zs8229.tmp\symnrt.exe | 
"{C7D38809-A164-44E8-8A53-A83B605A456C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D4F3AB45-3CE8-4F02-917B-80C201E994FB}" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\temp\7zs8229.tmp\symnrt.exe | 
"{D631C0D2-8162-4BD2-877A-3F951FDAB5BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{FB18C66D-3C61-4E1E-A498-4DF43DCB72B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"TCP Query User{0DCC1362-AD05-4BB1-AF6D-EB7D11E46567}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe | 
"TCP Query User{133E0C5E-9EEB-4431-9331-3D9D998E5C5C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{2BA9E9BE-8F52-47F9-BBBE-CEB676544F6B}C:\users\fh\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{A4DCF56F-4686-4DC5-BCF9-F3DEDCCD3916}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{AE0EA2BE-E730-43A3-9267-D8923BC847B0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{EA08CFF1-584E-4A88-825D-3BC8C93B9A0F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{F0C1DBC0-FD14-48ED-8615-A0B142FB574A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{0F9C667E-A29B-448E-83E7-9DEFEA362B7F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{407A549D-9FDE-45D9-AAE8-AC3165EA1DBE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{7315C854-790F-4A02-935B-EE1448B2AB6F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{96B68CE4-BEBE-48A4-B26B-3836AA927692}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{A29B585F-619F-4BE1-9B9D-D2AC9588B879}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe | 
"UDP Query User{C444A7E3-DDEA-4719-8E20-37BD80D45926}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{EF75128F-BC76-41A1-848E-85CC36D604A4}C:\users\fh\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 )
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutopanoGiga2.5" = Kolor Autopano Giga 2.5
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.68 (64-bit)
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3E00C574-B650-401D-A898-4581AAD6CC74}" = STRATO HiDrive
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4478067C-D35C-47C3-BF6C-1BF8F9FC6546}" = bjnplugin
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{5AE1721C-A430-4886-B3A1-8D6E5E6CD2A8}" = DxO Optics Pro 6
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{659DA17C-5C44-45EB-99D7-ABC1202138E3}" = PictureMedley
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE2AE713-75EF-4CA6-82FB-3E1BBA8DD608}" = DxO Optics Pro 7
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Akamai" = Akamai NetSession Interface Service
"AllDup_is1" = AllDup 3.2.22
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete NX2" = Color Efex Pro 3.0 Complete for Capture NX 2
"Color Efex Pro 4" = Color Efex Pro 4
"ExifPro 2.0" = ExifPro 2.0 Photo Viewer
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.52
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenStreetMap Plugin V2_is1" = OpenStreetMap Plugin V2
"OpenStreetMap Plugin_is1" = OpenStreetMap Plugin
"PanoramaStudio" = PanoramaStudio 1.5 (uninstall)
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"V3.2_is1" = File Scavenger 3.2
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"WinISO_is1" = WinISO 5.3
"Wubi" = Ubuntu
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Application Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2011 15:11:54 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 02.11.2011 14:48:08 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 03.11.2011 14:06:37 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 04.11.2011 14:34:07 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 05.11.2011 05:47:41 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 05.11.2011 09:31:09 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 05.11.2011 14:48:09 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 06.11.2011 06:03:03 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 06.11.2011 15:08:11 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 07.11.2011 14:16:22 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 08.11.2011 14:06:52 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
[ System Events ]
Error - 07.06.2012 05:27:33 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Multimedia Class Scheduler" wurde unerwartet beendet. Dies
 ist bereits 3 Mal passiert.
 
Error - 07.06.2012 05:27:33 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Management Instrumentation" wurde unerwartet beendet.
 Dies ist bereits 4 Mal passiert.
 
Error - 07.06.2012 05:27:33 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
 4 Mal passiert.
 
Error - 07.06.2012 05:27:38 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Management Instrumentation" wurde unerwartet beendet.
 Dies ist bereits 5 Mal passiert.
 
Error - 07.06.2012 05:27:38 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
 5 Mal passiert.
 
Error - 07.06.2012 05:27:41 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Management Instrumentation" wurde unerwartet beendet.
 Dies ist bereits 6 Mal passiert.
 
Error - 07.06.2012 05:27:41 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
 6 Mal passiert.
 
Error - 07.06.2012 05:29:16 | Computer Name = FH-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.06.2012 05:30:11 | Computer Name = FH-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 07.06.2012 16:05:16 | Computer Name = FH-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
--- --- ---

[/CODE]
Geändert von myspam69 (08.06.2012 um 19:36 Uhr)

 

Themen zu Browser & Antivirenprogramme stürzen ständig ab nach Virenfund
7-zip, adblock, adobe, akamai, alternate, antivirus, autorun, avira, bho, bonjour, browser, cdburnerxp, dateisystem, defender, document, excel, explorer, fehler, firefox, flash player, format, helper, heuristiks/extra, heuristiks/shuriken, hotspot, hotspot shield, install.exe, jdownloader, langs, microsoft office word, mozilla, mp3, neustart, plug-in, problem, realtek, recuva, registry, required, scan, searchscopes, secunia psi, software, system, tracker, version=1.0


« Verunsichert nach Deinstallation von möglicher Malware | Grauer Bildschirm nach dem Anmelden...Meldung: Nach Problemlösung im Internet suchen »


Ähnliche Themen: Browser & Antivirenprogramme stürzen ständig ab nach Virenfund


  1. win 7: security.dll + browser stürzen ab
    Plagegeister aller Art und deren Bekämpfung - 03.11.2015 (9)
  2. Programme stürzen ständig ab
    Plagegeister aller Art und deren Bekämpfung - 24.10.2014 (13)
  3. Computer wird langsam und will ständig ein Java-Update durchführen. Virenfund nach scan.
    Log-Analyse und Auswertung - 25.01.2014 (7)
  4. Browser stürzen ständig ab
    Plagegeister aller Art und deren Bekämpfung - 30.12.2013 (13)
  5. Nach TDSSKiller, combofix und Co. stürzen heute Programme ständig ab oder starten nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (5)
  6. Internet Browser stürzen ab
    Log-Analyse und Auswertung - 13.05.2013 (39)
  7. jusched.exe <fehlermeldung und Browser stürzen ab
    Log-Analyse und Auswertung - 27.08.2012 (2)
  8. DLL-Datei fehlt und Browser stürzen ab
    Plagegeister aller Art und deren Bekämpfung - 28.06.2011 (6)
  9. Browser stürzen regelmäßig ab
    Log-Analyse und Auswertung - 17.06.2011 (18)
  10. Spiele und Videos stürzen ständig ab
    Log-Analyse und Auswertung - 12.11.2009 (11)
  11. Browser stürzen ab
    Log-Analyse und Auswertung - 06.10.2009 (10)
  12. Browser stürzen ständig ab | Bitte Logfile auswerten
    Log-Analyse und Auswertung - 15.09.2009 (3)
  13. Browser stürzen bei Googlesuche ab
    Log-Analyse und Auswertung - 27.08.2009 (3)
  14. Meine Browser stürzen ständig ab
    Log-Analyse und Auswertung - 26.08.2009 (1)
  15. Browser stürzen ständig ab oder kompletter PC mit Bluescreen
    Plagegeister aller Art und deren Bekämpfung - 20.03.2009 (0)
  16. drwtsn32.exe + explerer.exe stürzen ständig ab
    Log-Analyse und Auswertung - 20.08.2008 (6)
  17. Firefox/ICQ/PC stürzen ständig ab
    Log-Analyse und Auswertung - 12.11.2007 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Browser & Antivirenprogramme stürzen ständig ab nach Virenfund - Hallo zusammen, auch hier ein kleines Problem ... aber der Reihe nach: Wie alles anfing: Auto-Protect von Norton Antivirus 2012 stürzt immer ab (Fehler 3035,6), Reparatur von Auto-Protect schlägt fehl. - Browser & Antivirenprogramme stürzen ständig ab nach Virenfund...
Archiv
Du betrachtest: Browser & Antivirenprogramme stürzen ständig ab nach Virenfund auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131