Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal): Google Redirect Virus (?), Windows 7

#1
Google Redirect Virus (?)

Hello, I have a (big?) problem with my laptop. When I search Google on it, results 2 to 7 are some kind of spam or phishing junk. It also runs very slowly. The running processes shown in Task Manager usually add up to 10 - 20% at most, yet CPU usage is (almost) always at 100%. Because of the 100% load everything runs very slowly (the antivirus scans too) and the laptop overheats very quickly. I scanned it with Malwarebytes Anti-Malware, HitmanPro, NOD32 and Spybot without finding anything. I also ran Kaspersky's TDSSKiller, Malwarebytes Anti-Rootkit and the Avast rootkit tool without finding anything suspicious. I am completely at a loss. Now, after running DeFogger, I scanned the laptop with OTL and GMER. Here are the log files:

OTL.txt:
Code:
ATTFilter OTL logfile created on: 07.04.2013 22:25:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HmHm\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free 4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) 
-- C:\Programme\Motorola\Bluetooth\LEsrv.exe PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.02.02 05:12:10 | 000,387,584 | ---- | M] (ZTE) -- C:\Programme\congstar\Internetmanager\Bin\BMController.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun 
Microsystems, Inc.) -- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2010.01.29 10:47:30 | 000,129,024 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIOptimizationClient.dll MOD - [2010.01.29 10:45:10 | 000,160,768 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIXml.dll MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service) SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service) SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) 
[On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) 
[On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\ehdrv.sys -- (ehdrv) DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\eamonm.sys -- (eamonm) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32) DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci) DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB) DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM) DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "googel.com" FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0 FF - 
prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program 
Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.04.06 23:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions [2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.05 22:03:12 | 
000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de [2012.02.10 11:47:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com [2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com [2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml [2010.03.18 07:59:07 | 000,002,055 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\daemon-search.xml [2013.03.29 10:29:29 | 000,000,947 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\icqplugin.xml [2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.04.01 
14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON
[2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes
[2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps
[2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate
[2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.30 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP
[2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme
[2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro
[2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.11 00:55:37 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2013.03.11 00:55:37 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2013.03.11 00:55:37 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2013.03.11 00:55:37 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys
[2013.03.11 00:54:42 | 000,010,240 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2013.03.11 00:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager
[2013.03.11 00:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\congstar

========== Files - Modified Within 30 Days ==========

[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 19:20:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.07 18:32:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.07 18:29:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job
[2013.04.07 16:32:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 11:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 11:40:50 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.07 06:53:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.07 02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.05 22:29:17 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job
[2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.04.02 01:30:57 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk
[2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk

========== Files Created - No Company Name ==========

[2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk
[2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db
[2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat
[2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player
[2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus
[2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon
[2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite
[2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations
[2013.04.07 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox
[2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt
[2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze
[2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data
[2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager
[2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF
[2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org
[2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql
[2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template
[2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird
[2013.03.30 01:10:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\TuneUp Software
[2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles
[2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Extras.txt:
OTL Extras logfile created on: 07.04.2013 22:25:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free
4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS

Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED7B3B3-2A66-4022-98E9-52F25FF1312D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20E8E555-3CC1-499B-8479-C3633E8DE06B}" = lport=139 | protocol=6 | dir=in | app=system |
"{29D78A9C-999C-48D1-8095-044D075673ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{35C8DDC6-9035-4AE8-AEA3-5802FF2A9C51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{420AC033-84FE-43BD-B2A2-86ECB0E1D4BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{480C4C2D-3426-4C6E-BD59-ABF2443D6B32}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C734478-0A6A-4127-A467-9D87307D19D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A0FEA17-F3D9-470D-907F-DA70F62DDF2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C75FB79-DBBD-4C31-9A85-F9D9EC03FBCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{630B66A9-01AC-489D-A50A-87520C0A639F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6972A016-2576-4ED0-8DCB-C56FA62CBCFC}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A86F26F-27E5-4D76-95EA-175081E835F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73D88D1C-4554-4673-BD77-DB61B96E75E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BC05E65-DEF9-4B0C-BD5C-C5430EDD86A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F517D81-1612-4867-9B5E-145AE89D6DC6}" = rport=137 | protocol=17 | dir=out | app=system |
"{9191AD58-B3CE-45B9-883A-A3F004080892}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AADF4699-2FC4-4A11-80B5-AC89CEE1A706}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B3B30B24-F261-4E52-829C-68628B1C926D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC3955F8-C87D-4F0A-89D7-D02DF872FC55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF862F13-EA41-4941-9D04-46F907A966CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6F3CAAA-110B-4CB5-8105-3EED4EC5FF43}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CAB91FFA-7A46-4235-981A-28FCBAAD905A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9CA04E4-5D58-4F1E-B572-28B653863B39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEE05FC4-572F-4FEC-9F88-62C6C96423FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0F8D9F3-D394-4838-A46E-8726CCB6EE66}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E26E5270-CAB9-42E9-A728-E47D325E7F7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4D17AE6-7AB5-4F69-A6C0-000C24FB970A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E7200A35-FBC9-4981-8470-BB887E2D6FDE}" = lport=445 | protocol=6 | dir=in | app=system |
"{E99684CB-A454-42A4-AA7A-50E204036B0F}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDAAF9F-C611-4C73-B8C0-21F4A22E152E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20B0D27D-9897-4AE8-BEC1-FD1ACBE2B1DB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{22B6BE24-41CA-4009-9FF6-FB99AB9827BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D7049C8-FB5E-4A4B-84A2-A1888F1810DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{36EBF7E6-CE6D-47E8-B0D5-ECF11C7AADEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A5FAE5F-8669-4BE7-BC64-BDE942362554}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ECE6220-D55B-40F8-9D75-6140D75B87B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4B32C543-202A-4445-ACC3-4C7FEAA8A203}" = protocol=6 | dir=out | app=system |
"{53D6AE15-A6AB-4435-8066-0DAD789627F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F828357-0F13-4949-AF88-C943CDFEEA94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6118791C-09C9-49C6-A527-C01DE9407785}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6209E170-6725-43F5-A30A-8DB79A8E4EF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62A1B790-1714-4F0D-A117-9C91F2BB9A84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AD8A145-7A1C-44EE-9132-78874EFF51EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6B8B6061-4453-419D-940A-308AFA2D7B2B}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{6D9282D0-A5ED-40D2-90D4-9A707F37B085}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79126619-8742-41E8-B747-549B6EC73815}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B5AC03B-7FE2-42BD-A08C-D6C38297A025}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B7E9BBC7-68D3-4482-9701-82FA0EC7A9B3}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{B7F0D988-D46D-4F06-A1C9-783B34E1AF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B81B091C-55A2-4BBF-86AF-19BDC2D310F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B8488039-FE9F-4B9F-8F9E-6E0A0023BF4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8CE2D87-6F4B-4524-98F9-533359B81630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE6AE5CC-2378-441A-8EB9-99355326297F}" = protocol=6 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe |
"{BFB7074B-8339-4F6E-A8FF-5CC4E7FC0B78}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C109D9B0-99B3-4571-8825-8F20B643FA4E}" = protocol=17 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe |
"{C7445D6A-00D1-4742-9C54-070C984C20C9}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{E033714D-24B5-4208-A908-5C64DD8C5D6C}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{F23FABE2-59B0-449E-A7F4-A242DCE60355}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E410EB-8542-5527-9FC9-4C44DF3B7E79}" = AMD Catalyst Install Manager
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03CD802D-47F0-BB70-5441-F2869FC4EEBD}" = Catalyst Control Center InstallProxy
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28A2EF20-B486-685D-6642-829180ED7683}" = ccc-utility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish "{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese "{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German "{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish "{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7F1F9EC3-2A14-11B1-9111-526F36E7739B}" = AMD Fuel 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26 "{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish "{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese "{BE09DD64-706D-4975-8034-E561C270D1E5}" = HP Officejet 6600 - Grundlegende Software für das Gerät "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe "{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common "{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V2.5.7 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst 
Control Center - Branding "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Motorola Bluetooth "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "Driver Genius_is1" = Driver Genius "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware 
Version 1.70.0.1100 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows "VLC media player" = VLC media player 1.1.10 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:16 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:40 | Computer Name = HmHm-PC | Source = System Restore | ID = 8193 Description = Error - 06.04.2013 19:28:46 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10 Description = Error - 06.04.2013 19:31:16 | Computer Name = HmHm-PC | Source = ATIeRecord | ID = 16399 Description = 
ATI EEU PX dGPU Power On failed Error - 07.04.2013 05:42:22 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (7416.1128) Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (7416.1129) Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (4016.1128) Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (4016.1129) Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (6792.1128) Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (6792.1129) Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (7172.1128) Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (7172.1129) Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (4308.1128) Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. 
(4308.1129) [ System Events ] Error - 06.04.2013 19:06:45 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030 Description = Error - 06.04.2013 19:23:41 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:23:49 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:23:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:23:55 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:28:19 | Computer Name = HmHm-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description = Error - 06.04.2013 19:28:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7026 Description = Error - 06.04.2013 19:39:44 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030 Description = Error - 07.04.2013 06:22:13 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7011 Description = Error - 07.04.2013 16:11:11 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7031 Description = < End of report > Gmer.txt Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-08 09:42:54 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_____ rev.11.0 298,02GB Running: gmer_2.1.19163.exe; Driver: C:\Users\HmHm\AppData\Local\Temp\kwtdipoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x93751208] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x93704FB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x93705300] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x93705746] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x936ED91E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x93704C92] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x936EDE96] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x936EDD7C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x93705164] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x93754072] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x936EDFB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x93715130] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x937DC7F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x93705232] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x93753054] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x936ED962] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9375134A] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x937DC8B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x93715150] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x93703422] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x936EDF2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x936EDE0C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x93752BFC] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9375431E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x936EE04C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x93753266] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x93715140] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x936EE0D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x93703630] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x93753D20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x9370552A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x937053B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x9370546E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x9370559A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x93753A4C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x93704E20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x93753BA8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x936EE178] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x937DC870] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x93752D9C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x937538F4] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x937DC830] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x93752EFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x93753406] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x93754486] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x937541B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9375374A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x937531AE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 844EE7DC 4 Bytes [08, 12, 75, 93] {OR [EDX], DL; JNZ 
0xffffff97} .text ntkrnlpa.exe!KeSetEvent + 13D 844EE800 8 Bytes [B8, 4F, 70, 93, 00, 53, 70, ...] {MOV EAX, 0x93704f; PUSH EBX; JO 0xffffff9b} .text ntkrnlpa.exe!KeSetEvent + 181 844EE844 4 Bytes [46, 57, 70, 93] {INC ESI; PUSH EDI; JO 0xffffff97} .text ntkrnlpa.exe!KeSetEvent + 1A9 844EE86C 4 Bytes [1E, D9, 6E, 93] {PUSH DS; FLDCW [ESI-0x6d]} .text ntkrnlpa.exe!KeSetEvent + 1C1 844EE884 4 Bytes [92, 4C, 70, 93] {XCHG EDX, EAX; DEC ESP; JO 0xffffff97} .text ... ? System32\drivers\ymyqypg.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90810000, 0x2BFBF0, 0xE8000020] ? system32\DRIVERS\eamonm.sys Das System kann den angegebenen Pfad nicht finden. ! ? system32\DRIVERS\ehdrv.sys Das System kann den angegebenen Pfad nicht finden. ! ? C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys Device \Driver\ahcix86s \Device\Dev_ffffffff88692538 87AB460A AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys ---- Processes - GMER 2.1 ---- Library C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [280] 0x614F0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x01340000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x61B00000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x61670000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x628E0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll (*** 
hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x62B50000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x66BB0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x60D50000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x60EA0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x64350000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df05dfc0f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b 0xCC 0xBB 0x00 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0x1B 0x61 0x2E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x07 0xDF 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x5D 0x1E 0xF1 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df05dfc0f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b 0xCC 0xBB 0x00 0x0B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0x1B 0x61 0x2E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x07 0xDF 0x7F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x5D 0x1E 0xF1 ... ---- EOF - GMER 2.1 ----