Pests of all kinds and how to fight them: Google Redirect Virus (?) Windows 7
08.04.2013, 08:54 | #1
Google Redirect Virus (?)

Hello, I have a (big?) problem with my laptop. When I search Google on my laptop, the search results 2-7 that are displayed are some kind of spam or phishing junk. It also runs very slowly. The running processes shown in Task Manager usually add up to at most 10 - 20%, yet the CPU usage is (almost) always at 100%. Because of the 100% load everything runs very slowly (including the scans with antivirus programs) and the laptop overheats very quickly. I have scanned it with Malwarebytes Anti-Malware, HitmanPro, NOD32 and Spybot, but without finding anything. I also ran TDSSKaspersky, Malwarebytes Rootkit and AVAST Rootkit without finding anything suspicious. I am completely at a loss. Now, after running Defogger, I have scanned the laptop with OTL and GMER. Here are the log files:

OTL.txt:

Code:
ATTFilter OTL logfile created on: 07.04.2013 22:25:29 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HmHm\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free 4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) 
-- C:\Programme\Motorola\Bluetooth\LEsrv.exe PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.02.02 05:12:10 | 000,387,584 | ---- | M] (ZTE) -- C:\Programme\congstar\Internetmanager\Bin\BMController.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun 
Microsystems, Inc.) -- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2010.01.29 10:47:30 | 000,129,024 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIOptimizationClient.dll MOD - [2010.01.29 10:45:10 | 000,160,768 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIXml.dll MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service) SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service) SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) 
[On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) 
[On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\ehdrv.sys -- (ehdrv) DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\eamonm.sys -- (eamonm) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32) DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci) DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB) DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM) DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "googel.com" FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0 FF - 
prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program 
Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 
19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.04.06 23:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions [2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.05 22:03:12 | 
000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de [2012.02.10 11:47:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com [2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com [2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml [2010.03.18 07:59:07 | 000,002,055 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\daemon-search.xml [2013.03.29 10:29:29 | 000,000,947 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\icqplugin.xml [2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.04.01 
14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON
[2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes
[2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps
[2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate
[2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.30 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP
[2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme
[2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro
[2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.11 00:55:37 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2013.03.11 00:55:37 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2013.03.11 00:55:37 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2013.03.11 00:55:37 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys
[2013.03.11 00:54:42 | 000,010,240 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2013.03.11 00:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager
[2013.03.11 00:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\congstar

========== Files - Modified Within 30 Days ==========

[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 19:20:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.07 18:32:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.07 18:29:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job
[2013.04.07 16:32:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 11:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 11:40:50 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.07 06:53:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.07 02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.05 22:29:17 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job
[2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.04.02 01:30:57 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk
[2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk

========== Files Created - No Company Name ==========

[2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk
[2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db
[2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat
[2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player
[2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus
[2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon
[2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite
[2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations
[2013.04.07 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox
[2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt
[2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze
[2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data
[2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager
[2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF
[2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org
[2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql
[2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template
[2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird
[2013.03.30 01:10:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\TuneUp Software
[2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles
[2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Extras.txt

Code:
OTL Extras logfile created on: 07.04.2013 22:25:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free
4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS

Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED7B3B3-2A66-4022-98E9-52F25FF1312D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20E8E555-3CC1-499B-8479-C3633E8DE06B}" = lport=139 | protocol=6 | dir=in | app=system |
"{29D78A9C-999C-48D1-8095-044D075673ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{35C8DDC6-9035-4AE8-AEA3-5802FF2A9C51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{420AC033-84FE-43BD-B2A2-86ECB0E1D4BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{480C4C2D-3426-4C6E-BD59-ABF2443D6B32}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C734478-0A6A-4127-A467-9D87307D19D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A0FEA17-F3D9-470D-907F-DA70F62DDF2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C75FB79-DBBD-4C31-9A85-F9D9EC03FBCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{630B66A9-01AC-489D-A50A-87520C0A639F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6972A016-2576-4ED0-8DCB-C56FA62CBCFC}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A86F26F-27E5-4D76-95EA-175081E835F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73D88D1C-4554-4673-BD77-DB61B96E75E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BC05E65-DEF9-4B0C-BD5C-C5430EDD86A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F517D81-1612-4867-9B5E-145AE89D6DC6}" = rport=137 | protocol=17 | dir=out | app=system |
"{9191AD58-B3CE-45B9-883A-A3F004080892}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AADF4699-2FC4-4A11-80B5-AC89CEE1A706}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B3B30B24-F261-4E52-829C-68628B1C926D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC3955F8-C87D-4F0A-89D7-D02DF872FC55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF862F13-EA41-4941-9D04-46F907A966CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6F3CAAA-110B-4CB5-8105-3EED4EC5FF43}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CAB91FFA-7A46-4235-981A-28FCBAAD905A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9CA04E4-5D58-4F1E-B572-28B653863B39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEE05FC4-572F-4FEC-9F88-62C6C96423FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0F8D9F3-D394-4838-A46E-8726CCB6EE66}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E26E5270-CAB9-42E9-A728-E47D325E7F7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4D17AE6-7AB5-4F69-A6C0-000C24FB970A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E7200A35-FBC9-4981-8470-BB887E2D6FDE}" = lport=445 | protocol=6 | dir=in | app=system |
"{E99684CB-A454-42A4-AA7A-50E204036B0F}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDAAF9F-C611-4C73-B8C0-21F4A22E152E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20B0D27D-9897-4AE8-BEC1-FD1ACBE2B1DB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{22B6BE24-41CA-4009-9FF6-FB99AB9827BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D7049C8-FB5E-4A4B-84A2-A1888F1810DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{36EBF7E6-CE6D-47E8-B0D5-ECF11C7AADEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A5FAE5F-8669-4BE7-BC64-BDE942362554}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ECE6220-D55B-40F8-9D75-6140D75B87B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4B32C543-202A-4445-ACC3-4C7FEAA8A203}" = protocol=6 | dir=out | app=system |
"{53D6AE15-A6AB-4435-8066-0DAD789627F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F828357-0F13-4949-AF88-C943CDFEEA94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6118791C-09C9-49C6-A527-C01DE9407785}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6209E170-6725-43F5-A30A-8DB79A8E4EF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62A1B790-1714-4F0D-A117-9C91F2BB9A84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AD8A145-7A1C-44EE-9132-78874EFF51EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6B8B6061-4453-419D-940A-308AFA2D7B2B}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{6D9282D0-A5ED-40D2-90D4-9A707F37B085}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79126619-8742-41E8-B747-549B6EC73815}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B5AC03B-7FE2-42BD-A08C-D6C38297A025}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B7E9BBC7-68D3-4482-9701-82FA0EC7A9B3}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{B7F0D988-D46D-4F06-A1C9-783B34E1AF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B81B091C-55A2-4BBF-86AF-19BDC2D310F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B8488039-FE9F-4B9F-8F9E-6E0A0023BF4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8CE2D87-6F4B-4524-98F9-533359B81630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE6AE5CC-2378-441A-8EB9-99355326297F}" = protocol=6 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe |
"{BFB7074B-8339-4F6E-A8FF-5CC4E7FC0B78}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C109D9B0-99B3-4571-8825-8F20B643FA4E}" = protocol=17 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe |
"{C7445D6A-00D1-4742-9C54-070C984C20C9}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{E033714D-24B5-4208-A908-5C64DD8C5D6C}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{F23FABE2-59B0-449E-A7F4-A242DCE60355}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E410EB-8542-5527-9FC9-4C44DF3B7E79}" = AMD Catalyst Install Manager
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03CD802D-47F0-BB70-5441-F2869FC4EEBD}" = Catalyst Control Center InstallProxy
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28A2EF20-B486-685D-6642-829180ED7683}" = ccc-utility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish "{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese "{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German "{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish "{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7F1F9EC3-2A14-11B1-9111-526F36E7739B}" = AMD Fuel 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26 "{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish "{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese "{BE09DD64-706D-4975-8034-E561C270D1E5}" = HP Officejet 6600 - Grundlegende Software für das Gerät "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe "{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common "{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V2.5.7 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst 
Control Center - Branding "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Motorola Bluetooth "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "DAEMON Tools Lite" = DAEMON Tools Lite "Driver Genius_is1" = Driver Genius "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware 
Version 1.70.0.1100 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows "VLC media player" = VLC media player 1.1.10 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:16 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289 Description = Error - 06.04.2013 19:23:40 | Computer Name = HmHm-PC | Source = System Restore | ID = 8193 Description = Error - 06.04.2013 19:28:46 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10 Description = Error - 06.04.2013 19:31:16 | Computer Name = HmHm-PC | Source = ATIeRecord | ID = 16399 Description = 
ATI EEU PX dGPU Power On failed Error - 07.04.2013 05:42:22 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (7416.1128) Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (7416.1129) Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (4016.1128) Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (4016.1129) Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (6792.1128) Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (6792.1129) Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (7172.1128) Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. (7172.1129) Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Fehler beim Herstellen der Internetverbindung. (4308.1128) Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0 Description = Serververbindung konnte nicht hergestellt werden.. 
(4308.1129) [ System Events ] Error - 06.04.2013 19:06:45 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030 Description = Error - 06.04.2013 19:23:41 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:23:49 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:23:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:23:55 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006 Description = Error - 06.04.2013 19:28:19 | Computer Name = HmHm-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description = Error - 06.04.2013 19:28:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7026 Description = Error - 06.04.2013 19:39:44 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030 Description = Error - 07.04.2013 06:22:13 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7011 Description = Error - 07.04.2013 16:11:11 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7031 Description = < End of report > Gmer.txt Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-08 09:42:54 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_____ rev.11.0 298,02GB Running: gmer_2.1.19163.exe; Driver: C:\Users\HmHm\AppData\Local\Temp\kwtdipoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x93751208] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x93704FB8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x93705300] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x93705746] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x936ED91E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x93704C92] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x936EDE96] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x936EDD7C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x93705164] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x93754072] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x936EDFB6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x93715130] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x937DC7F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x93705232] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x93753054] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x936ED962] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9375134A] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x937DC8B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x93715150] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x93703422] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x936EDF2C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x936EDE0C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x93752BFC] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9375431E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x936EE04C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x93753266] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x93715140] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x936EE0D6] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x93703630] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x93753D20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x9370552A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x937053B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x9370546E] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x9370559A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x93753A4C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x93704E20] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x93753BA8] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x936EE178] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x937DC870] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x93752D9C] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x937538F4] SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x937DC830] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x93752EFC] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x93753406] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x93754486] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x937541B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9375374A] SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x937531AE] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 119 844EE7DC 4 Bytes [08, 12, 75, 93] {OR [EDX], DL; JNZ 
0xffffff97} .text ntkrnlpa.exe!KeSetEvent + 13D 844EE800 8 Bytes [B8, 4F, 70, 93, 00, 53, 70, ...] {MOV EAX, 0x93704f; PUSH EBX; JO 0xffffff9b} .text ntkrnlpa.exe!KeSetEvent + 181 844EE844 4 Bytes [46, 57, 70, 93] {INC ESI; PUSH EDI; JO 0xffffff97} .text ntkrnlpa.exe!KeSetEvent + 1A9 844EE86C 4 Bytes [1E, D9, 6E, 93] {PUSH DS; FLDCW [ESI-0x6d]} .text ntkrnlpa.exe!KeSetEvent + 1C1 844EE884 4 Bytes [92, 4C, 70, 93] {XCHG EDX, EAX; DEC ESP; JO 0xffffff97} .text ... ? System32\drivers\ymyqypg.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90810000, 0x2BFBF0, 0xE8000020] ? system32\DRIVERS\eamonm.sys Das System kann den angegebenen Pfad nicht finden. ! ? system32\DRIVERS\ehdrv.sys Das System kann den angegebenen Pfad nicht finden. ! ? C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.sys Device \Driver\ahcix86s \Device\Dev_ffffffff88692538 87AB460A AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys ---- Processes - GMER 2.1 ---- Library C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [280] 0x614F0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x01340000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x61B00000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x61670000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x628E0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll (*** 
hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x62B50000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x66BB0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x60D50000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x60EA0000 Library C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928] 0x64350000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df05dfc0f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b 0xCC 0xBB 0x00 0x0B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0x1B 0x61 0x2E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x07 0xDF 0x7F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x5D 0x1E 0xF1 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df05dfc0f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b 0xCC 0xBB 0x00 0x0B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0x1B 0x61 0x2E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x07 0xDF 0x7F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x63 0x5D 0x1E 0xF1 ... ---- EOF - GMER 2.1 ---- |
08.04.2013, 17:52 | #2 | ||
/// TB-Ausbilder | Google Redirect Virus (?) Hi,
And how many antivirus programs are running there? I see entries from Kaspersky and from ESET...
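The reply above points at the SSDT section of the GMER log, where every hooked Zw* call is attributed to a driver. A quick triage step for a log like this is to group the hooks by hooking driver and check each driver against the security products known to be installed; a hooker that cannot be attributed to any product is what deserves attention first. The script below is an added example written for this thread, not part of the original post or of the GMER tool. It parses constructed sample lines in the same layout as the posted log (addresses are placeholders, and `example_unknown.sys` is a made-up name used only to show the unattributed branch); the allow-list maps `klif.sys` to Kaspersky and `ehdrv.sys` to ESET, the two products named in the reply.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of GMER's "---- System ----" section, mirroring
# the log posted in this thread. Addresses and the last driver name are placeholders.
SAMPLE_GMER = r"""
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x93752BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x93752EFC]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x937DC7F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x937DC8B0]
SSDT \SystemRoot\system32\DRIVERS\example_unknown.sys ZwQueryDirectoryFile [0x00000000]
---- Kernel code sections - GMER 2.1 ----
"""

# Driver file names belonging to the two security products named in the thread:
# klif.sys is Kaspersky's filter driver, ehdrv.sys is ESET's HIPS driver.
KNOWN_AV_DRIVERS = {
    "klif.sys": "Kaspersky",
    "ehdrv.sys": "ESET",
}

# One GMER SSDT line: "SSDT <driver path> <Zw function> [<hook address>]"
SSDT_LINE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[(0x[0-9A-Fa-f]+)\]\s*$")


def parse_ssdt_hooks(text):
    """Return (driver_path, syscall, address) for every SSDT hook line in the log."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if m:
            hooks.append((m.group(1), m.group(2), m.group(3)))
    return hooks


def driver_name(path):
    """Last component of a Windows path, lower-cased (the driver file name)."""
    return path.rsplit("\\", 1)[-1].lower()


def summarize_hooks(text):
    """Group hooked syscalls by hooking driver and attribute each driver to a vendor."""
    by_driver = defaultdict(list)
    for path, syscall, _addr in parse_ssdt_hooks(text):
        by_driver[driver_name(path)].append(syscall)
    return {
        name: {"vendor": KNOWN_AV_DRIVERS.get(name, "unknown"), "syscalls": calls}
        for name, calls in by_driver.items()
    }


def hooking_vendors(text):
    """Set of recognised security products that hook the SSDT in this log."""
    return {v["vendor"] for v in summarize_hooks(text).values() if v["vendor"] != "unknown"}


def unknown_hookers(text):
    """Drivers that hook the SSDT but are on no vendor allow-list: review these first."""
    return sorted(n for n, v in summarize_hooks(text).items() if v["vendor"] == "unknown")


if __name__ == "__main__":
    for name, info in summarize_hooks(SAMPLE_GMER).items():
        print(f"{name:22} {info['vendor']:10} {len(info['syscalls'])} hook(s): "
              f"{', '.join(info['syscalls'])}")
    print("security products hooking the SSDT:", sorted(hooking_vendors(SAMPLE_GMER)))
    print("unattributed hookers:", unknown_hookers(SAMPLE_GMER))
```

Running it on the sample reports two recognised products (which is exactly the point of the reply: two resident antivirus engines hooking the same kernel table) and one driver that needs to be identified by hand. On a real log, the allow-list should be built from the products actually installed on the machine, and anything outside it should be checked by its on-disk path, signature and publisher rather than by name alone.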
08.04.2013, 22:23 | #3 | |||
| Google Redirect Virus (?) First of all: many thanks for the reply!
Code:
ATTFilter 22:21:59.0418 5460 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:22:00.0676 5460 ============================================================ 22:22:00.0676 5460 Current date / time: 2013/04/08 22:22:00.0676 22:22:00.0676 5460 SystemInfo: 22:22:00.0676 5460 22:22:00.0676 5460 OS Version: 6.0.6002 ServicePack: 2.0 22:22:00.0676 5460 Product type: Workstation 22:22:00.0676 5460 ComputerName: HMHM-PC 22:22:00.0677 5460 UserName: HmHm 22:22:00.0677 5460 Windows directory: C:\Windows 22:22:00.0677 5460 System windows directory: C:\Windows 22:22:00.0677 5460 Processor architecture: Intel x86 22:22:00.0677 5460 Number of processors: 2 22:22:00.0677 5460 Page size: 0x1000 22:22:00.0677 5460 Boot type: Normal boot 22:22:00.0677 5460 ============================================================ 22:22:02.0322 5460 Drive \Device\Harddisk0\DR0 - Size: 0x4A817C0000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 22:22:02.0325 5460 ============================================================ 22:22:02.0325 5460 \Device\Harddisk0\DR0: 22:22:02.0325 5460 MBR partitions: 22:22:02.0325 5460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xBC51800 22:22:02.0325 5460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCDE6000, BlocksNum 0x18625600 22:22:02.0325 5460 ============================================================ 22:22:02.0393 5460 C: <-> \Device\Harddisk0\DR0\Partition1 22:22:02.0493 5460 D: <-> \Device\Harddisk0\DR0\Partition2 22:22:02.0493 5460 ============================================================ 22:22:02.0493 5460 Initialize success 22:22:02.0494 5460 ============================================================ 22:22:09.0019 4116 ============================================================ 22:22:09.0020 4116 Scan started 22:22:09.0020 4116 Mode: Manual; SigCheck; TDLFS; 22:22:09.0020 4116 
22:22:44.0247 4116 Schedule - ok 22:22:44.0283 4116 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 22:22:44.0310 4116 SCPolicySvc - ok 22:22:44.0342 4116 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 22:22:44.0385 4116 sdbus - ok 22:22:44.0424 4116 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:22:44.0490 4116 SDRSVC - ok 22:22:44.0514 4116 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:22:44.0580 4116 secdrv - ok 22:22:44.0601 4116 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 22:22:44.0647 4116 seclogon - ok 22:22:44.0669 4116 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 22:22:44.0721 4116 SENS - ok 22:22:44.0752 4116 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 22:22:44.0825 4116 Serenum - ok 22:22:44.0850 4116 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 22:22:44.0916 4116 Serial - ok 22:22:44.0945 4116 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 22:22:44.0978 4116 sermouse - ok 22:22:45.0030 4116 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 22:22:45.0065 4116 SessionEnv - ok 22:22:45.0079 4116 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:22:45.0124 4116 sffdisk - ok 22:22:45.0172 4116 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:22:45.0224 4116 sffp_mmc - ok 22:22:45.0241 4116 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:22:45.0273 4116 sffp_sd - ok 22:22:45.0297 4116 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 22:22:45.0365 4116 sfloppy - ok 22:22:45.0401 4116 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 
22:22:45.0464 4116 SharedAccess - ok 22:22:45.0533 4116 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:22:45.0573 4116 ShellHWDetection - ok 22:22:45.0606 4116 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 22:22:45.0625 4116 sisagp - ok 22:22:45.0650 4116 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 22:22:45.0668 4116 SiSRaid2 - ok 22:22:45.0693 4116 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 22:22:45.0713 4116 SiSRaid4 - ok 22:22:45.0773 4116 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 22:22:45.0790 4116 SkypeUpdate - ok 22:22:45.0910 4116 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 22:22:46.0249 4116 slsvc - ok 22:22:46.0310 4116 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 22:22:46.0341 4116 SLUINotify - ok 22:22:46.0427 4116 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:22:46.0486 4116 Smb - ok 22:22:46.0545 4116 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:22:46.0579 4116 SNMPTRAP - ok 22:22:46.0645 4116 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 22:22:46.0664 4116 spldr - ok 22:22:46.0699 4116 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 22:22:46.0758 4116 Spooler - ok 22:22:46.0779 4116 sptd - ok 22:22:46.0906 4116 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:22:46.0969 4116 srv - ok 22:22:47.0036 4116 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:22:47.0099 4116 srv2 - ok 22:22:47.0132 4116 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:22:47.0207 4116 srvnet - ok 22:22:47.0267 4116 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV 
C:\Windows\System32\ssdpsrv.dll 22:22:47.0326 4116 SSDPSRV - ok 22:22:47.0353 4116 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:22:47.0396 4116 SstpSvc - ok 22:22:47.0443 4116 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 22:22:47.0490 4116 StillCam - ok 22:22:47.0550 4116 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 22:22:47.0621 4116 stisvc - ok 22:22:47.0682 4116 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:22:47.0730 4116 swenum - ok 22:22:47.0809 4116 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 22:22:47.0861 4116 swprv - ok 22:22:47.0879 4116 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 22:22:47.0898 4116 Symc8xx - ok 22:22:47.0917 4116 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 22:22:47.0935 4116 Sym_hi - ok 22:22:47.0963 4116 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 22:22:47.0984 4116 Sym_u3 - ok 22:22:48.0082 4116 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 22:22:48.0181 4116 SysMain - ok 22:22:48.0208 4116 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:22:48.0245 4116 TabletInputService - ok 22:22:48.0326 4116 [ 9171A2543E4B23EEFC03F4CD671EA54A ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 22:22:48.0379 4116 tap0901 ( UnsignedFile.Multi.Generic ) - warning 22:22:48.0379 4116 tap0901 - detected UnsignedFile.Multi.Generic (1) 22:22:48.0485 4116 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:22:48.0594 4116 TapiSrv - ok 22:22:48.0633 4116 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 22:22:48.0688 4116 TBS - ok 22:22:48.0957 4116 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:22:49.0745 4116 
Tcpip - ok 22:22:50.0057 4116 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 22:22:50.0152 4116 Tcpip6 - ok 22:22:50.0437 4116 [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys 22:22:50.0460 4116 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 22:22:50.0460 4116 tcpipBM - detected UnsignedFile.Multi.Generic (1) 22:22:50.0504 4116 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:22:50.0555 4116 tcpipreg - ok 22:22:50.0646 4116 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:22:50.0753 4116 TDPIPE - ok 22:22:50.0830 4116 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:22:50.0922 4116 TDTCP - ok 22:22:51.0025 4116 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:22:51.0266 4116 tdx - ok 22:22:51.0346 4116 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:22:51.0374 4116 TermDD - ok 22:22:51.0595 4116 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 22:22:51.0664 4116 TermService - ok 22:22:51.0922 4116 [ 76468DF7A7A92413A57C998DE5C39290 ] TestHandler C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe 22:22:51.0965 4116 TestHandler - ok 22:22:51.0993 4116 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 22:22:52.0233 4116 Themes - ok 22:22:52.0295 4116 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 22:22:52.0394 4116 THREADORDER - ok 22:22:52.0451 4116 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 22:22:52.0509 4116 TrkWks - ok 22:22:52.0605 4116 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:22:52.0729 4116 TrustedInstaller - ok 22:22:52.0763 4116 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv 
C:\Windows\system32\DRIVERS\tssecsrv.sys 22:22:52.0852 4116 tssecsrv - ok 22:22:52.0905 4116 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 22:22:52.0990 4116 tunmp - ok 22:22:53.0005 4116 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:22:53.0053 4116 tunnel - ok 22:22:53.0114 4116 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 22:22:53.0276 4116 uagp35 - ok 22:22:53.0389 4116 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:22:53.0623 4116 udfs - ok 22:22:53.0661 4116 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:22:53.0744 4116 UI0Detect - ok 22:22:53.0823 4116 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:22:53.0889 4116 uliagpkx - ok 22:22:53.0971 4116 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 22:22:54.0017 4116 uliahci - ok 22:22:54.0057 4116 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 22:22:54.0108 4116 UlSata - ok 22:22:54.0183 4116 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 22:22:54.0231 4116 ulsata2 - ok 22:22:54.0272 4116 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:22:54.0398 4116 umbus - ok 22:22:54.0502 4116 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 22:22:54.0541 4116 upnphost - ok 22:22:54.0573 4116 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:22:54.0635 4116 usbccgp - ok 22:22:54.0701 4116 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:22:54.0773 4116 usbcir - ok 22:22:54.0825 4116 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:22:54.0891 4116 usbehci - ok 22:22:54.0913 4116 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] 
usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:22:54.0969 4116 usbhub - ok 22:22:55.0009 4116 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:22:55.0056 4116 usbohci - ok 22:22:55.0127 4116 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:22:55.0172 4116 usbprint - ok 22:22:55.0238 4116 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:22:55.0277 4116 usbscan - ok 22:22:55.0301 4116 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:22:55.0340 4116 USBSTOR - ok 22:22:55.0367 4116 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:22:55.0410 4116 usbuhci - ok 22:22:55.0478 4116 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 22:22:55.0558 4116 usbvideo - ok 22:22:55.0602 4116 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 22:22:55.0650 4116 UxSms - ok 22:22:55.0718 4116 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 22:22:55.0783 4116 vds - ok 22:22:55.0860 4116 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:22:55.0893 4116 vga - ok 22:22:55.0935 4116 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 22:22:55.0968 4116 VgaSave - ok 22:22:56.0009 4116 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 22:22:56.0039 4116 viaagp - ok 22:22:56.0067 4116 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 22:22:56.0101 4116 ViaC7 - ok 22:22:56.0145 4116 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 22:22:56.0192 4116 viaide - ok 22:22:56.0205 4116 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:22:56.0225 4116 volmgr - ok 22:22:56.0313 4116 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx 
C:\Windows\system32\drivers\volmgrx.sys 22:22:56.0342 4116 volmgrx - ok 22:22:56.0415 4116 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:22:56.0439 4116 volsnap - ok 22:22:56.0488 4116 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 22:22:56.0513 4116 vsmraid - ok 22:22:56.0707 4116 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 22:22:56.0869 4116 VSS - ok 22:22:56.0922 4116 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 22:22:57.0017 4116 W32Time - ok 22:22:57.0054 4116 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 22:22:57.0131 4116 WacomPen - ok 22:22:57.0193 4116 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 22:22:57.0231 4116 Wanarp - ok 22:22:57.0241 4116 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:22:57.0275 4116 Wanarpv6 - ok 22:22:57.0313 4116 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:22:57.0401 4116 wcncsvc - ok 22:22:57.0475 4116 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:22:57.0559 4116 WcsPlugInService - ok 22:22:57.0587 4116 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 22:22:57.0620 4116 Wd - ok 22:22:57.0843 4116 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:22:57.0993 4116 Wdf01000 - ok 22:22:58.0037 4116 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:22:58.0150 4116 WdiServiceHost - ok 22:22:58.0191 4116 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:22:58.0237 4116 WdiSystemHost - ok 22:22:58.0356 4116 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 22:22:58.0420 4116 WebClient - ok 22:22:58.0528 4116 [ 
AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:22:58.0601 4116 Wecsvc - ok 22:22:58.0652 4116 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:22:58.0689 4116 wercplsupport - ok 22:22:58.0745 4116 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 22:22:58.0796 4116 WerSvc - ok 22:22:58.0854 4116 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys 22:22:58.0916 4116 winbondcir - ok 22:22:58.0986 4116 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:22:59.0015 4116 WinDefend - ok 22:22:59.0025 4116 WinHttpAutoProxySvc - ok 22:22:59.0305 4116 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:22:59.0336 4116 Winmgmt - ok 22:22:59.0437 4116 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 22:22:59.0622 4116 WinRM - ok 22:22:59.0718 4116 [ 40B6CE57B2B209115C0426535D4253F2 ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe 22:22:59.0740 4116 WisLMSvc ( UnsignedFile.Multi.Generic ) - warning 22:22:59.0740 4116 WisLMSvc - detected UnsignedFile.Multi.Generic (1) 22:22:59.0820 4116 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:22:59.0875 4116 Wlansvc - ok 22:22:59.0953 4116 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 22:22:59.0970 4116 wlcrasvc - ok 22:23:00.0360 4116 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:23:00.0901 4116 wlidsvc - ok 22:23:00.0941 4116 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 22:23:00.0967 4116 WmiAcpi - ok 22:23:01.0019 4116 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:23:01.0067 4116 wmiApSrv - ok 22:23:01.0411 4116 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc 
C:\Program Files\Windows Media Player\wmpnetwk.exe 22:23:01.0540 4116 WMPNetworkSvc - ok 22:23:01.0616 4116 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:23:01.0699 4116 WPCSvc - ok 22:23:01.0743 4116 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:23:01.0810 4116 WPDBusEnum - ok 22:23:01.0869 4116 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 22:23:01.0906 4116 WpdUsb - ok 22:23:02.0136 4116 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 22:23:02.0355 4116 WPFFontCache_v0400 - ok 22:23:02.0371 4116 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:23:02.0420 4116 ws2ifsl - ok 22:23:02.0477 4116 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 22:23:02.0518 4116 wscsvc - ok 22:23:02.0524 4116 WSearch - ok 22:23:02.0858 4116 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 22:23:03.0131 4116 wuauserv - ok 22:23:03.0260 4116 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:23:03.0293 4116 WudfPf - ok 22:23:03.0338 4116 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:23:03.0390 4116 WUDFRd - ok 22:23:03.0445 4116 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:23:03.0492 4116 wudfsvc - ok 22:23:03.0538 4116 ================ Scan global =============================== 22:23:03.0694 4116 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 22:23:03.0796 4116 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 22:23:03.0825 4116 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 22:23:03.0909 4116 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 22:23:03.0914 4116 [Global] - ok 22:23:03.0914 4116 ================ Scan 
MBR ================================== 22:23:03.0931 4116 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 22:23:08.0601 4116 \Device\Harddisk0\DR0 - ok 22:23:08.0602 4116 ================ Scan VBR ================================== 22:23:08.0642 4116 [ 226434F6689378E69755F756D98D2A98 ] \Device\Harddisk0\DR0\Partition1 22:23:08.0666 4116 \Device\Harddisk0\DR0\Partition1 - ok 22:23:08.0685 4116 [ A651BD80FD1FCE8D3AF5681ACEDF1769 ] \Device\Harddisk0\DR0\Partition2 22:23:08.0697 4116 \Device\Harddisk0\DR0\Partition2 - ok 22:23:08.0697 4116 ============================================================ 22:23:08.0697 4116 Scan finished 22:23:08.0698 4116 ============================================================ 22:23:08.0716 3992 Detected object count: 8 22:23:08.0716 3992 Actual detected object count: 8 22:23:22.0114 3992 AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user 22:23:22.0114 3992 AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:23:22.0117 3992 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:23:22.0117 3992 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:23:22.0120 3992 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user 22:23:22.0120 3992 FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:23:22.0123 3992 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user 22:23:22.0124 3992 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:23:22.0124 3992 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:23:22.0124 3992 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:23:22.0127 3992 tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user 22:23:22.0127 3992 tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:23:22.0130 3992 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 
22:23:22.0130 3992 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0133 3992 WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0133 3992 WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-08 22:25:15 ----------------------------- 22:25:15.462 OS Version: Windows 6.0.6002 Service Pack 2 22:25:15.462 Number of processors: 2 586 0x301 22:25:15.468 ComputerName: HMHM-PC UserName: HmHm 22:25:31.108 Initialize success 22:34:54.183 AVAST engine defs: 13040802 22:37:03.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064 22:37:03.302 Disk 0 Vendor: WDC_____ 11.0 Size: 305175MB BusType: 8 22:37:03.472 Disk 0 MBR read successfully 22:37:03.475 Disk 0 MBR scan 22:37:03.552 Disk 0 Windows VISTA default MBR code 22:37:03.575 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 2048 22:37:03.590 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 96419 MB offset 18434048 22:37:03.611 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 199754 MB offset 215900160 22:37:03.620 Disk 0 scanning sectors +624997888 22:37:03.728 Disk 0 scanning C:\Windows\system32\drivers 22:37:15.790 Service scanning 22:37:29.043 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5 22:37:29.199 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5 22:37:29.245 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5 22:37:29.285 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5 22:37:29.348 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5 22:37:29.422 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5 22:37:43.642 Modules scanning 22:37:54.825 Disk 0 trace - called modules: 22:37:54.851 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys 22:37:54.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88ca9360] 22:37:54.867 3 CLASSPNP.SYS[8b5a38b3] -> nt!IofCallDriver -> [0x886cadb8] 22:37:54.875 5 acpi.sys[84a096bc] -> nt!IofCallDriver -> \Device\00000064[0x886c6030] 22:37:56.749 AVAST engine scan C:\Windows 22:38:00.151 AVAST engine scan C:\Windows\system32 22:43:19.653 AVAST engine scan 
C:\Windows\system32\drivers
22:43:52.262 AVAST engine scan C:\Users\HmHm
23:00:41.397 AVAST engine scan C:\ProgramData
23:08:32.647 Scan finished successfully
23:09:18.653 Disk 0 MBR has been saved successfully to "C:\Users\HmHm\Desktop\MBR.dat"
23:09:18.699 The log file has been saved successfully to "C:\Users\HmHm\Desktop\aswMBR.txt"
Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1022 (c) Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.100000 GHz Memory total: 2371547136, free: 1017270272 ------------ Kernel report ------------ 04/07/2013 12:30:03 ------------ Loaded modules ----------- \SystemRoot\system32\ntkrnlpa.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\ymyqypg.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\acpi.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\msrpc.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\ecache.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\drivers\crcdisk.sys \SystemRoot\system32\drivers\ahcix86s.sys 
\SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\tunmp.sys \SystemRoot\system32\DRIVERS\processr.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\DRIVERS\athr.sys \SystemRoot\system32\DRIVERS\Rtlh86.sys \SystemRoot\system32\DRIVERS\ohci1394.sys \SystemRoot\system32\DRIVERS\1394BUS.SYS \SystemRoot\system32\DRIVERS\johci.sys \SystemRoot\system32\DRIVERS\jmcr.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\klkbdflt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\klmouflt.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\winbondcir.sys \SystemRoot\system32\DRIVERS\msiscsi.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\circlass.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\amdiox86.sys \SystemRoot\system32\DRIVERS\dtsoftbus01.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys 
\SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\hidir.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\eamonm.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\system32\DRIVERS\klflt.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\ehdrv.sys \SystemRoot\System32\Drivers\btmusb.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tdx.sys \??\C:\Windows\system32\drivers\tcpipBM.sys \SystemRoot\system32\DRIVERS\kltdi.sys \SystemRoot\system32\DRIVERS\smb.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\kneps.sys \??\C:\Windows\system32\drivers\HWiNFO32.SYS \SystemRoot\System32\Drivers\Hotkey.SYS \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_ahcix86s.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll 
\SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\epfwwfpr.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8909fac8 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000066\ Lower Device Object: 0xffffffff88692538 Lower Device Driver Name: \Driver\ahcix86s\ Driver name found: ahcix86s Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.04.07.02 Downloaded database version: v2013.03.25.01 Initializing... Done! 
<<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8909fac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8909f7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffffff8909fac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffffff88acaa60, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff88692538, DeviceName: \Device\00000066\, DriverName: \Driver\ahcix86s\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0xffffffffacf7d168, 0xffffffff8909fac8, 0xffffffff8949d8a8 Lower DeviceData: 0xfffffffface4ccb8, 0xffffffff88692538, 0xffffffffa6cea0e8 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: EDB9ED76 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 18432000 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 18434048 Numsec = 197466112 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 215900160 Numsec = 409097728 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 319999967232 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-624979936-624999936)... Done! Performing system, memory and registry scan... Done! 
Scan finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1022 (c) Malwarebytes Corporation 2011-2012 OS version: 6.0.6002 Windows Vista Service Pack 2 x86 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.100000 GHz Memory total: 2371547136, free: 1142226944 ======================================= |
09.04.2013, 00:29 | #4 |
/// TB-Ausbilder | Google Redirect Virus (?) Hi, then let's look for the culprit. Step 1: Please download AdwCleaner and save it to your desktop.
Step 2: Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
09.04.2013, 21:54 | #5 |
| Google Redirect Virus (?) adwlog: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 09/04/2013 um 21:37:56 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : HmHm - HMHM-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\HmHm\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\foxydeal.sqlite Datei Gelöscht : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\searchplugins\daemon-search.xml Datei Gelöscht : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\searchplugins\icqplugin.xml Ordner Gelöscht : C:\ProgramData\~0 Ordner Gelöscht : C:\ProgramData\APN Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\HmHm\AppData\Local\Temp\OCS Ordner Gelöscht : C:\Users\HmHm\AppData\Local\TempDir ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\prefs.js C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2504091.CTID", "CT2504091"); Gelöscht : user_pref("CT2504091.CurrentServerDate", "18-3-2010"); Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Thu Mar 18 2010 12:33:29 GMT+0100"); Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 10); Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457132", "Thu Mar 18 2010 11:53:27 GMT+0100"); Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Mar 18 2010 10:31:07 GMT+0100"); Gelöscht : user_pref("CT2504091.FeedTTL128891351169457132", 40); Gelöscht : user_pref("CT2504091.FirstServerDate", "18-3-2010"); Gelöscht : user_pref("CT2504091.FirstTime", true); Gelöscht : user_pref("CT2504091.FirstTimeFF3", true); Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2504091.Initialize", true); Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2504091.InstalledDate", "Wed Mar 17 2010 23:14:37 GMT+0100"); Gelöscht : user_pref("CT2504091.IsGrouping", false); Gelöscht : user_pref("CT2504091.IsMulticommunity", false); Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Wed Mar 17 2010 23:14:38 GMT+0100"); Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Gelöscht : user_pref("CT2504091.LastLogin_2.5.8.6", "Thu Mar 18 2010 10:44:42 GMT+0100"); Gelöscht : user_pref("CT2504091.LatestVersion", "2.1.0.18"); Gelöscht : user_pref("CT2504091.Locale", "en-us"); Gelöscht : user_pref("CT2504091.LoginCache", 4); Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2504091.SHRINK_TOOLBAR", 1); Gelöscht : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...] Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Mar 17 2010 23:14:37 GMT+0100"); Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...] Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Gelöscht : user_pref("CT2504091.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Thu Mar 18 2010 11:16:10 GMT+0100"); Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1265745383"); Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Wed Mar 17 2010 23:14:36 GMT+0100"); Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1265745383"); Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] 
Gelöscht : user_pref("CT2504091.UserID", "UN09370230755109221"); Gelöscht : user_pref("CT2504091.alertChannelId", "897164"); Gelöscht : user_pref("CT2504091.clientLogIsEnabled", false); Gelöscht : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2504091.myStuffEnabled", true); Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.live.com/results.aspx?FORM[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091"); Gelöscht : user_pref("extensions.searchrecs@veoh.com.install-event-fired", true); Gelöscht : user_pref("extensions.snipit.history_query", "baldurs%20gate=ASKURL=hxxp://www.ask.com/web?q=baldurs[...] Gelöscht : user_pref("extensions.toolbar_W3I-G@apn.ask.com.install-event-fired", true); Gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...] 
Gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2"); Gelöscht : user_pref("extensions.veohsearchrecs.id", "6465ca266-b1b9-bd76-2c6e-0454bd16339"); Gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "9"); Gelöscht : user_pref("extensions.veohsearchrecs.veohenabled", "false"); Gelöscht : user_pref("icqtoolbar.engineVerified", true); Gelöscht : user_pref("icqtoolbar.history", "mobile||mobile.de||namen%20herkunft||johann"); Gelöscht : user_pref("icqtoolbar.installTime", "1274529432"); Gelöscht : user_pref("icqtoolbar.itbsitescount", 0); Gelöscht : user_pref("icqtoolbar.newtab_state", "1"); Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.3"); Gelöscht : user_pref("icqtoolbar.skip_default_search", "no"); Gelöscht : user_pref("icqtoolbar.uninstStatSent", true); Gelöscht : user_pref("icqtoolbar.uniqueID", "127352563912735256781274529432903"); Gelöscht : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="); -\\ Google Chrome v26.0.1410.43 Datei : C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [8510 octets] - [09/04/2013 21:37:56] ########## EOF - C:\AdwCleaner[S1].txt - [8570 octets] ########## Code:
ATTFilter OTL logfile created on: 09.04.2013 21:44:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HmHm\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,21 Gb Total Physical Memory | 0,40 Gb Available Physical Memory | 18,08% Memory free 4,64 Gb Paging File | 2,49 Gb Available in Paging File | 53,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 35,55 Gb Free Space | 37,75% Space Free | Partition Type: NTFS Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) 
-- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2012.08.17 22:43:06 | 000,019,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\LEsrv.exe PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service) SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service) SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) 
[On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) 
[On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32) DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | 
Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci) DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB) DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM) DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = 
hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "googel.com" FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3 FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 
17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.04.06 23:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions [2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.05 22:03:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de [2012.02.10 11:47:13 | 
000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com [2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com [2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml [2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON [2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://de.pokerstrategy.com/home/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = 
C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- 
| M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.08 22:25:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 02:11:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\HmHm\Desktop\aswMBR.exe
[2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) 
-- C:\Windows\System32\bootdelete.exe [2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes [2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps [2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate [2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.03.30 10:43:30 | 
000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP [2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.03.29 13:37:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe [2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme [2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro [2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.11 00:55:37 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll [2013.03.11 00:55:37 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll [2013.03.11 00:55:37 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin [2013.03.11 00:55:37 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys [2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys [2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys [2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys [2013.03.11 00:54:42 | 000,010,240 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys [2013.03.11 00:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager [2013.03.11 00:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\congstar ========== Files - Modified Within 30 Days ========== [2013.04.09 21:41:10 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.09 21:41:02 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 21:41:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 21:40:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.09 21:40:53 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys [2013.04.09 21:39:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.04.09 21:32:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.09 21:29:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job [2013.04.09 21:23:21 | 000,022,620 | ---- | M] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods [2013.04.09 21:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.09 21:15:20 | 000,613,083 | ---- | M] () -- C:\Users\HmHm\Desktop\adwcleaner.exe [2013.04.08 23:09:18 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Desktop\MBR.dat [2013.04.08 22:29:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job [2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe [2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat [2013.04.07 
02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable [2013.04.07 02:15:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\HmHm\Desktop\aswMBR.exe [2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe [2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg [2013.04.02 01:30:57 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk [2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk [2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk [2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk [2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk [2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk [2013.03.29 13:38:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe [2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk [2013.03.11 00:54:28 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\congstar 
Internet-Manager.lnk ========== Files Created - No Company Name ========== [2013.04.09 21:23:17 | 000,022,620 | ---- | C] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods [2013.04.09 21:14:39 | 000,613,083 | ---- | C] () -- C:\Users\HmHm\Desktop\adwcleaner.exe [2013.04.08 23:09:18 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Desktop\MBR.dat [2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe [2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe [2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat [2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable [2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys [2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg [2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk [2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk [2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk [2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk [2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk [2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk [2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 
[2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk [2013.03.11 00:54:28 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk [2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra [2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk [2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db [2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat [2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player [2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus [2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon [2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite [2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations [2013.04.09 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox [2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt [2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze [2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data [2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager [2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF [2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org [2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql [2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template [2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird [2013.03.30 01:10:34 | 000,000,000 | ---D | M] 
-- C:\Users\HmHm\AppData\Roaming\TuneUp Software [2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles [2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
09.04.2013, 22:28 | #6 |
/// TB-Ausbilder | Google Redirect Virus (?) Hi, please carry out the following steps and then check whether the redirects are still present or not.
Code:
ATTFilter :OTL [2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9 [2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra [2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" :commands [emptytemp]
Step 2 Please start OTL.exe.
Please post in your next reply:
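The helper's instruction is to re-run OTL after the fix and check whether the redirect indicators are gone. As an added example (this is not part of the thread and not OTL's own code), the script below re-reads an OTL report for exactly the kinds of entries the fix script above removes: a search preference pointing at an unknown engine, a nameless `.xpi` in the Firefox profile that Firefox does not list as an enabled add-on, a `.src` search plugin without a company name, an alternate data stream, and a random-looking extension-less file under `C:\ProgramData`. The allowlist `KNOWN_ENGINES` is an assumption and must be adjusted for the profile being checked; the two sample reports are constructed from lines modelled on this thread's logs.

```python
"""Re-check an OTL report for the browser-hijack indicators named in the fix above."""
import re
from urllib.parse import unquote

# Engines expected as the Firefox default/selected engine ("" = preference unset).
# ASSUMPTION: adjust this allowlist for the profile being checked.
KNOWN_ENGINES = {"", "google", "bing", "yahoo", "amazon.de", "ebay", "wikipedia (de)", "leo eng-deu"}
SEARCH_KEYS = {"browser.search.defaultenginename", "browser.search.order.1", "browser.search.selectedEngine"}

# Line shapes exactly as OTL prints them in the reports in this thread.
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>browser\.search\.[\w.]+): "(?P<value>[^"]*)"')
ADDON_RE = re.compile(r'^FF - prefs\.js\.\.extensions\.enabledAddons: (?P<id>\S+?):[\d.]+\s*$')
FILE_RE = re.compile(r'^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-\w]{4}) \| [CM]\] '
                     r'\((?P<company>[^)]*)\)(?: \(No name found\))? -- (?P<path>.+?)\s*$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$')

# Constructed sample: lines modelled on the OTL fix script and report above.
SAMPLE_BEFORE_FIX = r"""
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3
[2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
[2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra
[2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
"""

# Constructed sample: the same profile after the fix (search prefs emptied, .xpi gone).
SAMPLE_AFTER_FIX = r"""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3
[2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
"""


def _looks_random(name):
    """True for extension-less names made of 10+ lowercase letters (like dobkrujvufrlmra)."""
    return re.fullmatch(r"[a-z]{10,}", name) is not None


def scan_otl(lines):
    """Return a list of (kind, detail, extra) findings for the indicators described above."""
    lines = list(lines)
    enabled = set()
    for raw in lines:  # pass 1: which add-on IDs does Firefox itself consider enabled?
        m = ADDON_RE.match(raw.strip())
        if m:
            enabled.add(unquote(m["id"]).lower())

    findings = []
    for raw in lines:  # pass 2: the indicators
        line = raw.strip()
        if (m := PREF_RE.match(line)):
            if m["key"] in SEARCH_KEYS and m["value"].lower() not in KNOWN_ENGINES:
                findings.append(("search_pref", m["key"], m["value"]))
        elif (m := ADS_RE.match(line)):
            findings.append(("ads", m["path"], m["size"]))
        elif (m := FILE_RE.match(line)) and m["company"] == "":
            path, low = m["path"], m["path"].lower()
            name = path.rsplit("\\", 1)[-1]
            if low.endswith(".xpi") and "\\extensions\\" in low and name[:-4].lower() not in enabled:
                findings.append(("unlisted_xpi", path, m["ts"]))      # profile .xpi Firefox does not list as enabled
            elif low.endswith(".src") and "\\searchplugins\\" in low:
                findings.append(("search_plugin", path, m["ts"]))     # nameless search plugin
            elif low.startswith("c:\\programdata\\") and _looks_random(name):
                findings.append(("random_programdata_file", path, m["ts"]))
    return findings


if __name__ == "__main__":
    for label, sample in (("before fix", SAMPLE_BEFORE_FIX), ("after fix", SAMPLE_AFTER_FIX)):
        hits = scan_otl(sample.splitlines())
        print(f"{label}: {len(hits)} finding(s)")
        for kind, detail, extra in hits:
            print(f"  {kind:24} {detail}  [{extra}]")
```

Run against a saved OTL report with `scan_otl(open("OTL.txt", encoding="utf-8").splitlines())`; an empty result on the post-fix report is the "redirects no longer present" check the helper asks for, while an `ads` hit after the fix matches the "Unable to delete ADS" line the fix log reports and tells you that item still needs handling.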
11.04.2013, 23:48 | #7 |
| Google Redirect Virus (?) Thanks for the help. It seems to have helped. During the first "fix attempt" the laptop "froze", but the files and entries were deleted anyway. During the second "fix attempt" everything went smoothly. date_time>.log (from the second "fix attempt") Code:
ATTFilter All processes killed ========== OTL ========== File C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi not found. Unable to delete ADS C:\ProgramData\TEMP:CB0AACC9 . File C:\ProgramData\dobkrujvufrlmra not found. File C:\Program Files\mozilla firefox\searchplugins\foxsearch.src not found. Prefs.js: "foxsearch" removed from browser.search.defaultenginename Prefs.js: "foxsearch" removed from browser.search.order.1 Prefs.js: "foxsearch" removed from browser.search.selectedEngine ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: HmHm ->Temp folder emptied: 132786441 bytes ->Temporary Internet Files folder emptied: 105058355 bytes ->Java cache emptied: 1 bytes ->FireFox cache emptied: 50627730 bytes ->Google Chrome cache emptied: 6500561 bytes User: postgres ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24589336 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 305,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 04102013_001229 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\hsperfdata_SYSTEM\656 not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter OTL logfile created on: 11.04.2013 21:39:30 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HmHm\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,21 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 60,34% Memory free 4,64 Gb Paging File | 3,75 Gb Available in Paging File | 80,74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 35,77 Gb Free Space | 37,99% Space Free | Partition Type: NTFS Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) 
-- C:\Programme\Motorola\Bluetooth\LEsrv.exe PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service) SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service) SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32) DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci) DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB) DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM) DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" 
= 0 IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "googel.com" FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M] [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions [2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.04.09 23:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions [2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.05 22:03:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de [2012.02.10 11:47:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com [2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com [2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml [2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.04.01 14:29:34 | 000,000,000 | ---D | M] 
(Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON [2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://de.pokerstrategy.com/home/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = 
C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: 
Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. 
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O7 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft 
Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll 
(Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.09 23:39:58 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.08 22:25:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe [2013.04.07 02:11:25 | 004,745,728 | ---- | C] (AVAST Software) -- 
C:\Users\HmHm\Desktop\aswMBR.exe [2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe [2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes [2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps [2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate [2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP 
[2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.03.30 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP [2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.03.29 13:37:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe [2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme [2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro [2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ========== Files - Modified Within 30 Days ========== [2013.04.11 21:37:43 | 000,022,880 | ---- | M] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods [2013.04.11 21:32:24 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.11 21:31:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job [2013.04.11 21:31:35 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk [2013.04.11 21:20:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.11 21:09:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.11 21:09:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.11 21:09:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.11 21:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.11 21:09:37 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys [2013.04.10 23:12:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.04.10 22:29:03 | 000,001,064 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job [2013.04.09 21:15:20 | 000,613,083 | ---- | M] () -- C:\Users\HmHm\Desktop\adwcleaner.exe [2013.04.08 23:09:18 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Desktop\MBR.dat [2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe [2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat [2013.04.07 02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable [2013.04.07 02:15:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\HmHm\Desktop\aswMBR.exe [2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) 
-- C:\Windows\System32\bootdelete.exe [2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe [2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg [2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk [2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk [2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk [2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk [2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk [2013.03.29 13:38:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe [2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.04.09 21:23:17 | 000,022,880 | ---- | C] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods [2013.04.09 21:14:39 | 000,613,083 | ---- | C] () -- C:\Users\HmHm\Desktop\adwcleaner.exe [2013.04.08 23:09:18 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Desktop\MBR.dat [2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- 
C:\Users\HmHm\Desktop\gmer_2.1.19163.exe [2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe [2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat [2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable [2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys [2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg [2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk [2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk [2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk [2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk [2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk [2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk [2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk [2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk [2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.03.06 19:59:32 | 000,618,823 | ---- | C] 
() -- C:\Windows\System32\atiicdxx.dat [2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk [2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db [2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat [2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- 
C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player [2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus [2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon [2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite [2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations [2013.04.11 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox [2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt [2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze [2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data [2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager [2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF [2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org [2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql [2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template [2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird [2013.03.30 01:10:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\TuneUp Software [2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles [2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
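The O4, O6/O7 and O33 lines of the OTL log above carry the three things a helper actually reads first when a "redirect" complaint comes with clean scanner results: Run entries whose target no longer exists (OTL marks them with "File not found"; they are the same fsc-reg entries Panda Cloud Cleaner later reports as "Broken Link"), the NoDriveTypeAutoRun policy values, and cached AutoRun commands under MountPoints2 for removable media that was once plugged in. The script below is an added example, not part of this thread and not OTL's own code: the sample lines are copied from the log in this thread, the regexes and the `Findings` container are this example's own assumptions about OTL's line layout, and the bit meanings of NoDriveTypeAutoRun follow Microsoft's documented bitmask (a set bit disables AutoRun for that drive type, 0xFF disables it everywhere).

```python
"""Triage of OTL O4 / O6 / O7 / O33 lines: orphaned Run entries, AutoRun
policy decoding and cached MountPoints2 AutoRun commands (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample input: lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
"""

# NoDriveTypeAutoRun bitmask as documented by Microsoft: a SET bit disables
# AutoRun for that drive type (0x01 and 0x80 both mean "unknown type").
DRIVE_TYPE_BITS: Dict[int, str] = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_UNKNOWN_HIGH",
}

# Line layouts assumed from the OTL output quoted in this thread.
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$')
POLICY_RE = re.compile(r'^O[67] - (?P<key>.+?): NoDriveTypeAutoRun = (?P<value>\d+)$')
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')

MISSING_MARK = "File not found"  # OTL's marker for a Run target that no longer exists


@dataclass
class Findings:
    orphaned_run: List[Tuple[str, str, str]] = field(default_factory=list)  # (hive, name, path)
    autorun_policy: Dict[str, int] = field(default_factory=dict)            # registry key -> value
    mountpoint_autorun: List[Tuple[str, str]] = field(default_factory=list)  # (volume GUID, command)


def autorun_allowed(value: int) -> Set[str]:
    """Drive types for which AutoRun is still ENABLED under this policy value."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit}


def triage_otl(text: str) -> Findings:
    """Walk OTL lines and collect the three autostart findings described above."""
    findings = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            target = m.group("target")
            if target.endswith(MISSING_MARK):
                path = target[: -len(MISSING_MARK)].strip()
                findings.orphaned_run.append((m.group("hive"), m.group("name"), path))
            continue
        m = POLICY_RE.match(line)
        if m:
            findings.autorun_policy[m.group("key")] = int(m.group("value"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.mountpoint_autorun.append((m.group("guid"), m.group("cmd")))
    return findings


if __name__ == "__main__":
    f = triage_otl(SAMPLE_OTL)
    for hive, name, path in f.orphaned_run:
        print(f"orphaned Run entry under {hive}: [{name}] -> {path}")
    for key, value in f.autorun_policy.items():
        print(f"NoDriveTypeAutoRun={value} ({value:#04x}) at {key}: "
              f"AutoRun still allowed for {sorted(autorun_allowed(value))}")
    for guid, cmd in f.mountpoint_autorun:
        print(f"cached AutoRun command for volume {guid}: {cmd}")
```

Reading the result against this log: the two orphaned fsc-reg entries are leftovers (a Run value whose executable is gone cannot execute anything, so they explain neither the redirects nor the CPU load, but they are exactly what Panda later offers to delete). The user policy value 145 (0x91) disables AutoRun only for unknown and network drives, so removable, fixed and CD-ROM drives are still covered by the autorun.inf mechanism as far as this value is concerned; the MountPoints2 entries are Explorer's cache of commands from media previously inserted (G:\Data\setup.exe, E:\FSetup.exe), not programs that run at boot. On Vista with the AutoRun update KB971029 installed, autorun.inf is honoured for optical media only, whatever the policy value says.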
12.04.2013, 01:35 | #8
/// TB-Ausbilder | Google Redirect Virus (?) Hello, Quote:
Step 1
Step 2
Step 3 Please download SecurityCheck (Link 2).
Please post in your next reply:
__________________ cheers, Leo
14.04.2013, 14:08 | #9 |
| Google Redirect Virus (?) Hier die Logs: MWAB-Log Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.13.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
HmHm :: HMHM-PC [Administrator]

Schutz: Deaktiviert

14.04.2013 10:15:40
mbam-log-2013-04-14 (10-15-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230437
Laufzeit: 18 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Panda log:

Code:
Broken Link. FILE: File not found:C:\FSC-REG\FSCREG.EXE to be deleted.
Broken Link. REGKEY: HKUS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[fsc-reg]. Value: fsc-reg To be deleted.
Broken Link. REGKEY: HKUS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[fsc-reg]. Value: fsc-reg To be deleted.
Broken Link. FILE: File not found:C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\VEOHWEBPLAYER.EXE "/VISTARUNASSTDUSER" to be deleted.
Broken Link. TASK: Task\[RunAsStdUser Task for VeohWebPlayer]. Task to be deleted.
Broken Link. FILE: File not found:C:\PROGRAM FILES\COMPUTER UPDATER\COMPUTERUP-DATER.EXE to be deleted.
Broken Link. REGKEY: HKUS\S-1-5-21-3068858174-2851846924-383880506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Computer Updater]. Value: Computer Updater To be deleted.
Broken Link. FILE: File not found:C:\PROGRAM FILES\SMART PC CLEANER\SPCLAUNCHER.EXE to be deleted.
Broken Link. REGKEY: HKUS\S-1-5-21-3068858174-2851846924-383880506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Smart PC Cleaner]. Value: Smart PC Cleaner To be deleted.
Broken Link. FILE: File not found:C:\PROGRAM FILES\PC SPEED UP\PCSUNOTIFIER.EXE to be deleted.
Broken Link. REGKEY: HKUS\S-1-5-21-3068858174-2851846924-383880506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[PCSpeedUp]. Value: PCSpeedUp To be deleted.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Security Check log:

Code:
Results of screen317's Security Check version 0.99.62
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Panda Cloud Cleaner
Java 7 Update 17
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Mozilla Thunderbird (17.0.5)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Do I actually need to worry about my passwords, or was the virus/trojan "harmless"? |
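The Panda log above reports two kinds of finding: autostart Run values whose target file no longer exists ("Broken Link") and the HideFileExt policy. The following PowerShell audit is an added example, not code from the thread or from Panda Cloud Cleaner; it re-checks those two things by hand so you can see what such a tool is looking at. The key paths are the standard ones; Get-CommandTarget and Get-RunEntries are names chosen here.

```powershell
# Added example (not from the thread or from Panda): list Run entries whose target is
# missing, as in the "Broken Link" findings, and report the HideFileExt policy value.
# Run in an elevated PowerShell; HKU:\ is mounted only to reach the .DEFAULT hive.
if (-not (Test-Path 'HKU:\')) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
}
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Get-ItemProperty adds these; they are not registry values.
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-CommandTarget {
    # Extract the executable path from a Run value, quoted or unquoted, with or without arguments.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted path, possibly containing spaces: take everything up to the first ".exe".
    $m = [regex]::Match($cmd, '^(.+?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

function Get-RunEntries {
    # One object per Run value; Exists = $false marks the "Broken Link" cases.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }
            $target = Get-CommandTarget -CommandLine ([string]$p.Value)
            New-Object PSObject -Property @{
                Key = $key; Name = $p.Name; Target = $target
                Exists = [bool]($target -and (Test-Path -LiteralPath $target))
            }
        }
    }
}

function Get-HideFileExt {
    # 1 (or no value, the default) hides extensions, so "invoice.pdf.exe" shows as "invoice.pdf".
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($null -eq $v) { return 'not set (extensions hidden)' }
    if ($v -eq 1) { return '1 (extensions hidden)' } else { return '0 (extensions shown)' }
}

Get-RunEntries | Where-Object { -not $_.Exists } | Format-Table Name, Target, Key -AutoSize
"HideFileExt = $(Get-HideFileExt)"
```

Scheduled tasks (the "TASK" finding) are not covered here; they live outside the registry and need schtasks or the Task Scheduler to inspect.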
14.04.2013, 14:12 | #10 | |
/// TB-Ausbilder | Google Redirect Virus (?) Hi, Quote:
Only cleanup work remains. Step 1: Your Flash Player is outdated. Install the current version as follows:
Step 2: Your Adobe PDF Reader version is outdated; we need to update it:
Then use this plugin check to verify that all the versions you use are current, and update them if not. Cleanup: Finally, we will now remove our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are still important and should be carried out in the order given.
>> OK << We're done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help you not need our help again in the future. Afterwards, please give me a short reply confirming that there are no more problems or questions on your side, so that I can consider this topic resolved. Epilogue: Tips, Dos & Don'ts. Keeping the system and software current: The Windows operating system must always be up to date. Make sure that automatic updates are enabled:
The installed software should also always be the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download simply by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, which makes it relatively unpredictable.
Security software. A remark up front: every software solution has its weaknesses. Handing all responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer, for example, you can use Mozilla Firefox, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet. Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner currently detects no threat in them, that need not mean anything.
Attempts are also often made, with more or less cunning methods, to get the user to carry out an action that is disastrous for him (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also mostly installed by the user himself, bundled with something else.
General notes. Finally, a few basic remarks:
If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we won't see each other here again any time soon.
__________________ cheers, Leo |
15.04.2013, 23:12 | #11 |
| Google Redirect Virus (?) A big, sincere thank you from me :-) The help and explanations were great and easy to understand. Everything works perfectly and I have no more questions. |
15.04.2013, 23:29 | #12 |
/// TB-Ausbilder | Google Redirect Virus (?) Thanks for the feedback. Glad we could help. If you would like to give the forum suggestions for improvement, criticism or praise, you can do so here. This topic appears to be resolved and will be removed from my subscriptions, so I will no longer receive notifications of new replies. Should you need this topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |