
Pests of all kinds and how to fight them: Google Redirect Virus (?)


 
08.04.2013, 08:54   #1
HabKeinNick
 

Google Redirect Virus (?)



Hello,

I have a (big?) problem with my laptop. When I search Google on my laptop, search results 2-7 that are displayed are some kind of spam or phishing junk. It also runs very slowly. The running processes shown in Task Manager usually add up to at most 10 - 20%, yet CPU usage is (almost) always at 100%. Because of the 100% load everything runs very slowly (including scans with antivirus programs) and the laptop overheats very quickly.

I scanned it with Malwarebytes Anti-Malware, HitmanPro, NOD32 and Spybot, but without finding anything.

I also ran TDSSKaspersky and Malwarebytes Rootkit and AVAST Rootkit without finding anything suspicious.

I'm completely at a loss.

Now, after running DeFogger, I scanned the laptop with OTL and GMER.

Here are the logfiles:

OTL.txt:

Code:
OTL logfile created on: 07.04.2013 22:25:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free
4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
 
Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\LEsrv.exe
PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe
PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.02.02 05:12:10 | 000,387,584 | ---- | M] (ZTE) -- C:\Programme\congstar\Internetmanager\Bin\BMController.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe
PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe
PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010.01.29 10:47:30 | 000,129,024 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIOptimizationClient.dll
MOD - [2010.01.29 10:45:10 | 000,160,768 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIXml.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service)
SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "googel.com"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
 
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.06 23:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions
[2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.05 22:03:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de
[2012.02.10 11:47:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com
[2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com
[2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml
[2010.03.18 07:59:07 | 000,002,055 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\daemon-search.xml
[2013.03.29 10:29:29 | 000,000,947 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\icqplugin.xml
[2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON
[2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes
[2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps
[2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate
[2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.30 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP
[2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme
[2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro
[2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.11 00:55:37 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2013.03.11 00:55:37 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2013.03.11 00:55:37 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2013.03.11 00:55:37 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys
[2013.03.11 00:54:42 | 000,010,240 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2013.03.11 00:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager
[2013.03.11 00:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\congstar
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 19:20:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.07 18:32:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.07 18:29:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job
[2013.04.07 16:32:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 11:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 11:40:50 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.07 06:53:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.07 02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.05 22:29:17 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job
[2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.04.02 01:30:57 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk
[2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk
[2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db
[2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat
[2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player
[2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus
[2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon
[2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite
[2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations
[2013.04.07 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox
[2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt
[2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze
[2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data
[2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager
[2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF
[2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org
[2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql
[2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template
[2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird
[2013.03.30 01:10:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\TuneUp Software
[2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles
[2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         

Extras.txt

Code:
OTL Extras logfile created on: 07.04.2013 22:25:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free
4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
 
Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED7B3B3-2A66-4022-98E9-52F25FF1312D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{20E8E555-3CC1-499B-8479-C3633E8DE06B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{29D78A9C-999C-48D1-8095-044D075673ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{35C8DDC6-9035-4AE8-AEA3-5802FF2A9C51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{420AC033-84FE-43BD-B2A2-86ECB0E1D4BD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{480C4C2D-3426-4C6E-BD59-ABF2443D6B32}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4C734478-0A6A-4127-A467-9D87307D19D2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5A0FEA17-F3D9-470D-907F-DA70F62DDF2F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5C75FB79-DBBD-4C31-9A85-F9D9EC03FBCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{630B66A9-01AC-489D-A50A-87520C0A639F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6972A016-2576-4ED0-8DCB-C56FA62CBCFC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6A86F26F-27E5-4D76-95EA-175081E835F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73D88D1C-4554-4673-BD77-DB61B96E75E5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8BC05E65-DEF9-4B0C-BD5C-C5430EDD86A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8F517D81-1612-4867-9B5E-145AE89D6DC6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9191AD58-B3CE-45B9-883A-A3F004080892}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AADF4699-2FC4-4A11-80B5-AC89CEE1A706}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B3B30B24-F261-4E52-829C-68628B1C926D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{BC3955F8-C87D-4F0A-89D7-D02DF872FC55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF862F13-EA41-4941-9D04-46F907A966CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C6F3CAAA-110B-4CB5-8105-3EED4EC5FF43}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CAB91FFA-7A46-4235-981A-28FCBAAD905A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D9CA04E4-5D58-4F1E-B572-28B653863B39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DEE05FC4-572F-4FEC-9F88-62C6C96423FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E0F8D9F3-D394-4838-A46E-8726CCB6EE66}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E26E5270-CAB9-42E9-A728-E47D325E7F7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4D17AE6-7AB5-4F69-A6C0-000C24FB970A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E7200A35-FBC9-4981-8470-BB887E2D6FDE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E99684CB-A454-42A4-AA7A-50E204036B0F}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDAAF9F-C611-4C73-B8C0-21F4A22E152E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20B0D27D-9897-4AE8-BEC1-FD1ACBE2B1DB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{22B6BE24-41CA-4009-9FF6-FB99AB9827BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D7049C8-FB5E-4A4B-84A2-A1888F1810DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{36EBF7E6-CE6D-47E8-B0D5-ECF11C7AADEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3A5FAE5F-8669-4BE7-BC64-BDE942362554}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3ECE6220-D55B-40F8-9D75-6140D75B87B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4B32C543-202A-4445-ACC3-4C7FEAA8A203}" = protocol=6 | dir=out | app=system | 
"{53D6AE15-A6AB-4435-8066-0DAD789627F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F828357-0F13-4949-AF88-C943CDFEEA94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6118791C-09C9-49C6-A527-C01DE9407785}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6209E170-6725-43F5-A30A-8DB79A8E4EF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{62A1B790-1714-4F0D-A117-9C91F2BB9A84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6AD8A145-7A1C-44EE-9132-78874EFF51EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B8B6061-4453-419D-940A-308AFA2D7B2B}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{6D9282D0-A5ED-40D2-90D4-9A707F37B085}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{79126619-8742-41E8-B747-549B6EC73815}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B5AC03B-7FE2-42BD-A08C-D6C38297A025}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B7E9BBC7-68D3-4482-9701-82FA0EC7A9B3}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | 
"{B7F0D988-D46D-4F06-A1C9-783B34E1AF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B81B091C-55A2-4BBF-86AF-19BDC2D310F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B8488039-FE9F-4B9F-8F9E-6E0A0023BF4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B8CE2D87-6F4B-4524-98F9-533359B81630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE6AE5CC-2378-441A-8EB9-99355326297F}" = protocol=6 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BFB7074B-8339-4F6E-A8FF-5CC4E7FC0B78}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{C109D9B0-99B3-4571-8825-8F20B643FA4E}" = protocol=17 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C7445D6A-00D1-4742-9C54-070C984C20C9}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe | 
"{E033714D-24B5-4208-A908-5C64DD8C5D6C}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe | 
"{F23FABE2-59B0-449E-A7F4-A242DCE60355}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E410EB-8542-5527-9FC9-4C44DF3B7E79}" = AMD Catalyst Install Manager
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03CD802D-47F0-BB70-5441-F2869FC4EEBD}" = Catalyst Control Center InstallProxy
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28A2EF20-B486-685D-6642-829180ED7683}" = ccc-utility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F1F9EC3-2A14-11B1-9111-526F36E7739B}" = AMD Fuel
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{BE09DD64-706D-4975-8034-E561C270D1E5}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V2.5.7
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Motorola Bluetooth
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Genius_is1" = Driver Genius
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description = 
 
Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description = 
 
Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description = 
 
Error - 06.04.2013 19:23:16 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description = 
 
Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description = 
 
Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description = 
 
Error - 06.04.2013 19:23:40 | Computer Name = HmHm-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 06.04.2013 19:28:46 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.04.2013 19:31:16 | Computer Name = HmHm-PC | Source = ATIeRecord | ID = 16399
Description = ATI EEU PX dGPU Power On failed
 
Error - 07.04.2013 05:42:22 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (7416.1128)
 
Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (7416.1129)
 
Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (4016.1128)
 
Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (4016.1129)
 
Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (6792.1128)
 
Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (6792.1129)
 
Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (7172.1128)
 
Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (7172.1129)
 
Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (4308.1128)
 
Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =     Serververbindung konnte nicht hergestellt werden.. (4308.1129)
 
[ System Events ]
Error - 06.04.2013 19:06:45 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 06.04.2013 19:23:41 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 06.04.2013 19:23:49 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 06.04.2013 19:23:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 06.04.2013 19:23:55 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 06.04.2013 19:28:19 | Computer Name = HmHm-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 06.04.2013 19:28:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.04.2013 19:39:44 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 07.04.2013 06:22:13 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 07.04.2013 16:11:11 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7031
Description = 
 
 
< End of report >
         

Gmer.txt

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-08 09:42:54
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_____ rev.11.0 298,02GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\HmHm\AppData\Local\Temp\kwtdipoc.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAdjustPrivilegesToken [0x93751208]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAlpcConnectPort [0x93704FB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAlpcCreatePort [0x93705300]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAlpcSendWaitReceivePort [0x93705746]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwClose [0x936ED91E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwConnectPort [0x93704C92]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateEvent [0x936EDE96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateMutant [0x936EDD7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreatePort [0x93705164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateSection [0x93754072]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateSemaphore [0x936EDFB6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateSymbolicLinkObject [0x93715130]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                         ZwCreateThread [0x937DC7F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateWaitablePort [0x93705232]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwDebugActiveProcess [0x93753054]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwDeviceIoControlFile [0x936ED962]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwDuplicateObject [0x9375134A]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                         ZwLoadDriver [0x937DC8B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwMapViewOfSection [0x93715150]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwNotifyChangeKey [0x93703422]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenEvent [0x936EDF2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenMutant [0x936EDE0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenProcess [0x93752BFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenSection [0x9375431E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenSemaphore [0x936EE04C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenThread [0x93753266]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwPlugPlayControl [0x93715140]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwQueryDirectoryObject [0x936EE0D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwQueryObject [0x93703630]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwQueueApcThread [0x93753D20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwReplyPort [0x9370552A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwReplyWaitReceivePort [0x937053B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwReplyWaitReceivePortEx [0x9370546E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwRequestWaitReplyPort [0x9370559A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwResumeThread [0x93753A4C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSecureConnectPort [0x93704E20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSetContextThread [0x93753BA8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSetInformationToken [0x936EE178]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                         ZwSetSystemInformation [0x937DC870]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSuspendProcess [0x93752D9C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSuspendThread [0x937538F4]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                         ZwSystemDebugControl [0x937DC830]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwTerminateProcess [0x93752EFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwTerminateThread [0x93753406]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwUnmapViewOfSection [0x93754486]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwWriteVirtualMemory [0x937541B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateThreadEx [0x9375374A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateUserProcess [0x937531AE]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 119                                                                                                                  844EE7DC 4 Bytes  [08, 12, 75, 93] {OR [EDX], DL; JNZ 0xffffff97}
.text           ntkrnlpa.exe!KeSetEvent + 13D                                                                                                                  844EE800 8 Bytes  [B8, 4F, 70, 93, 00, 53, 70, ...] {MOV EAX, 0x93704f; PUSH EBX; JO 0xffffff9b}
.text           ntkrnlpa.exe!KeSetEvent + 181                                                                                                                  844EE844 4 Bytes  [46, 57, 70, 93] {INC ESI; PUSH EDI; JO 0xffffff97}
.text           ntkrnlpa.exe!KeSetEvent + 1A9                                                                                                                  844EE86C 4 Bytes  [1E, D9, 6E, 93] {PUSH DS; FLDCW [ESI-0x6d]}
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                                  844EE884 4 Bytes  [92, 4C, 70, 93] {XCHG EDX, EAX; DEC ESP; JO 0xffffff97}
.text           ...                                                                                                                                            
?               System32\drivers\ymyqypg.sys                                                                                                                   Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                       section is writeable [0x90810000, 0x2BFBF0, 0xE8000020]
?               system32\DRIVERS\eamonm.sys                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
?               system32\DRIVERS\ehdrv.sys                                                                                                                     Das System kann den angegebenen Pfad nicht finden. !
?               C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys                                                                                                    Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                        tcpipBM.sys

Device          \Driver\ahcix86s \Device\Dev_ffffffff88692538                                                                                                  87AB460A

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                        kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                      kltdi.sys
---- Processes - GMER 2.1 ----

Library         C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [280]                                      0x614F0000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]             0x01340000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]         0x61B00000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]         0x61670000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]         0x628E0000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]         0x62B50000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]         0x66BB0000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]         0x60D50000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]       0x60EA0000                                                                                        
Library         C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]  0x64350000                                                                                        

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df05dfc0f                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b                                                       0xCC 0xBB 0x00 0x0B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                            0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                            0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                         0xD3 0x1B 0x61 0x2E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                0x92 0x07 0xDF 0x7F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                           0x63 0x5D 0x1E 0xF1 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df05dfc0f (not active ControlSet)                                                
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2 (not active ControlSet)                                                
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b                                                           0xCC 0xBB 0x00 0x0B ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                           
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                             0xD3 0x1B 0x61 0x2E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                    0x92 0x07 0xDF 0x7F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                             
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                               0x63 0x5D 0x1E 0xF1 ...

---- EOF - GMER 2.1 ----
         
I would really appreciate any help.

 
