GMX KOnto - Mails im Gesendet Ordner an unbekannte Empfänger/Mail Deamon failure Nachrichten

Takezo64 · 14.11.2013, 10:07

Hi!
Ich bekam gestern mehrere Mailer Deamon Failure Nachrichten über "unzustellbare" Mails an mir unbekannte Empfänger (nur 5 oder 6) auf meinem GMX Konto. Gleichzeitig fand ich diese Mails im Gesendet Ordner, die ich natürlich nicht verschickt habe.

Ich hab als allererstes mal LiveMail geschlossen und nutze GMX zunächst mal nur online, damit keine Synchronisierung auf den Rechner erfolgt.

Ich habe mal ne Mail an eine falsche Adresse geschickt und bekam eine einzelne normale Delivery Failure Nachricht, die so aussieht, wie es wohl sein soll.

Da ich das Konto zum Arbeiten verwende und schon genug Horror-Stories über gehackte Konten gehört habe, kann ich mir jetzt keinen Fehltritt erlauben.

Wie sieht das Prozedere aus? Meinen Rechner kann ich ja prüfen, aber wenn der Wurm im Online-Konto steckt, lade ich mir den bei jeder Synchronisierung mit runter, oder?

Vielen Dank

Hier gleich schon mal die Logs von FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by takezo (administrator) on TAKEZO-PC on 14-11-2013 08:16:18
Running from C:\Users\takezo\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Conduit) C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
() C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Flexera Software, Inc.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conduit) C:\Users\takezo\AppData\Roaming\SearchProtect\bin\cltmng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe
(EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKCU\...\Run: [ares] - "C:\Program Files (x86)\Ares\Ares.exe" -h
HKCU\...\Run: [60B4777B1CB62094B64B93BC48B5F6412B595D84._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-11-06] (Google Inc.)
HKCU\...\Run: [SearchProtect] - C:\Users\takezo\AppData\Roaming\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKCU\...\Run: [TBHostSupport] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\takezo\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
MountPoints2: {6d46aea9-bbdc-11df-b0c2-00241ddcc840} - F:\StartVMCLite.exe
MountPoints2: {6d46aeaf-bbdc-11df-b0c2-00241ddcc840} - E:\StartVMCLite.exe
MountPoints2: {90c94552-a630-11e1-aadf-00241ddcc840} - F:\AutoRun.exe
MountPoints2: {90c94561-a630-11e1-aadf-00241ddcc840} - F:\AutoRun.exe
HKLM-x32\...\Run: [NPSStartup] - [x]
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
AppInit_DLLs:             [0 ] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x556297C7B851CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN34622877863902463&UM=2&UP=SP2FD5A13A-A380-46CD-99C9-FDC311A61B93
URLSearchHook: HKCU - (No Name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope {2EB24800-C98E-40B6-8D84-731976BC6A0A} URL = 
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM-x32 - {6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB} URL = 
SearchScopes: HKLM-x32 - {DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
SearchScopes: HKCU - DefaultScope {2EB24800-C98E-40B6-8D84-731976BC6A0A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN34622877863902463&UM=2
SearchScopes: HKCU - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKCU - {2EB24800-C98E-40B6-8D84-731976BC6A0A} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN34622877863902463&UM=2
SearchScopes: HKCU - {6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A06C56FD-272D-4340-BD27-4A9245B13AA5}: [NameServer]88.214.182.2 88.214.178.1

FireFox:
========
FF ProfilePath: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: toolbar - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\Extensions\toolbar@gmx.net.xpi
FF Extension: noscript - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\dxsiuzp1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Learn Norwegian) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkaecdhlnfkbaclahgdlkmpcoheacal\1.0_0
CHR Extension: (Google Search) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0
CHR Extension: (AdBlock) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Safe Money) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0
CHR Extension: (Dangerous Websites Blocker) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0
CHR Extension: (Virtual Keyboard) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4794_0
CHR Extension: (Google Wallet) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\takezo\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [220960 2013-09-22] (Conduit)
R2 Kilgray: memoQ update permissions manager. 2595325.; C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe [696320 2012-12-17] ()
R2 MSSQL$ACROSS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [146032 2013-09-02] (Nalpeiron Ltd.)
S2 NewServiceInstall1; C:\Program Files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [11264 2007-04-23] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-11-12] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [93848 2008-09-18] (SiSoftware)
R2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [291384 2010-12-18] (EnTech Taiwan)
S4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [62464 2006-01-05] (Broadcom Corporation.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2010-01-14] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-14] (Huawei Technologies Co., Ltd.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [623200 2013-11-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178784 2013-06-06] (Kaspersky Lab ZAO)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] ()
U5 BTKRNL; C:\Windows\System32\Drivers\BTKRNL.sys [1106688 2006-01-05] (Broadcom Corporation.)
S1 tvtool; \??\C:\Program Files (x86)\TVTool 9.6.1\tvtool.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-14 08:16 - 2013-11-14 08:17 - 00024206 _____ C:\Users\takezo\Downloads\FRST.txt
2013-11-14 08:16 - 2013-11-14 08:16 - 00000000 ____D C:\FRST
2013-11-14 08:15 - 2013-11-14 08:15 - 01957794 _____ (Farbar) C:\Users\takezo\Downloads\FRST64.exe
2013-11-14 02:09 - 2013-11-14 02:09 - 00000000 ____D C:\Users\takezo\AppData\Local\{479BB001-A4E2-4FE2-8E27-8FBBD106ABAA}
2013-11-13 10:12 - 2013-11-13 10:12 - 00000000 ____D C:\Users\takezo\AppData\Local\{DB3E866A-6CC3-486E-920D-0D0DC77BD88B}
2013-11-12 21:28 - 2013-11-12 21:28 - 00000000 ____D C:\Users\takezo\AppData\Local\{6E2B2D9B-6D9C-4892-8351-A3F9E5CD87E2}
2013-11-12 17:26 - 2013-11-12 17:26 - 00234768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-12 17:23 - 2013-11-12 17:23 - 00000000 ____D C:\Users\takezo\AppData\Local\PunkBuster
2013-11-12 17:22 - 2013-11-12 17:22 - 00000000 ____D C:\Users\takezo\Documents\Battlefield Play4Free
2013-11-12 16:34 - 2013-11-12 16:34 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2013-11-12 16:14 - 2013-11-12 16:14 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-11-12 13:12 - 2013-11-12 13:12 - 05431956 _____ C:\Users\takezo\Downloads\WhatsApp_2_11_173.sis
2013-11-12 13:06 - 2013-11-12 13:06 - 03997560 _____ (BlueStack Systems, Inc.) C:\Users\takezo\Downloads\BlueStacks-ThinInstaller.exe
2013-11-12 13:05 - 2013-11-12 13:05 - 03180407 _____ C:\Users\takezo\Downloads\appguard-app.apk
2013-11-12 13:04 - 2013-11-12 13:04 - 11806928 _____ C:\Users\takezo\Downloads\WhatsApp.apk
2013-11-12 12:34 - 2013-11-13 05:44 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-12 09:27 - 2013-11-12 09:28 - 00000000 ____D C:\Users\takezo\AppData\Local\{12CAA9D3-0A76-4254-8D3F-93721BD9535D}
2013-11-11 23:00 - 2013-11-11 23:00 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-11 23:00 - 2013-11-11 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-11 22:42 - 2013-11-11 22:42 - 00283104 _____ (Mozilla) C:\Users\takezo\Downloads\Firefox Setup Stub 25.0.exe
2013-11-11 21:54 - 2013-11-11 21:54 - 00000000 ____D C:\Users\takezo\AppData\Local\TBHostSupport
2013-11-11 21:45 - 2013-11-11 21:48 - 00000000 ____D C:\Users\takezo\AppData\Local\Conduit
2013-11-11 21:45 - 2013-11-11 21:45 - 00000000 ____D C:\Users\takezo\AppData\Local\WhiteListing
2013-11-11 21:45 - 2013-11-11 21:45 - 00000000 ____D C:\ProgramData\Conduit
2013-11-11 21:44 - 2013-11-11 21:46 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-11-11 21:44 - 2013-11-11 21:44 - 00000000 ____D C:\Users\takezo\AppData\Local\NativeMessaging
2013-11-11 21:44 - 2013-11-11 21:44 - 00000000 ____D C:\Users\takezo\AppData\Local\CRE
2013-11-11 21:44 - 2013-11-11 21:44 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-11 21:43 - 2013-11-11 21:48 - 00000000 ____D C:\Users\takezo\AppData\Roaming\SearchProtect
2013-11-11 21:42 - 2013-11-11 21:47 - 00000009 _____ C:\END
2013-11-11 21:27 - 2013-11-11 21:27 - 00000000 ____D C:\Users\takezo\AppData\Local\{2850D5C3-47E3-4C14-AE13-12CFD0A574A6}
2013-11-11 09:27 - 2013-11-11 09:27 - 00000000 ____D C:\Users\takezo\AppData\Local\{99566EB5-2E46-4DA8-8998-257D706223D5}
2013-11-10 21:26 - 2013-11-10 21:26 - 00000000 ____D C:\Users\takezo\AppData\Local\{DA2E4DAA-AB4E-4289-BB17-9F7372C8DBB6}
2013-11-10 09:26 - 2013-11-10 09:26 - 00000000 ____D C:\Users\takezo\AppData\Local\{41459571-32C7-4FE0-9A29-5D7ABE27F58B}
2013-11-09 21:03 - 2013-11-09 21:03 - 00000000 ____D C:\Users\takezo\AppData\Local\{38FE0129-3C99-46D8-90C0-26A3E479F0B3}
2013-11-09 09:03 - 2013-11-09 09:03 - 00000000 ____D C:\Users\takezo\AppData\Local\{002FF69F-6ED2-4D0F-86CF-BD57380CE5C0}
2013-11-08 21:02 - 2013-11-08 21:03 - 00000000 ____D C:\Users\takezo\AppData\Local\{772F7ED0-65B5-4CAC-B94E-4B244FA10C26}
2013-11-08 09:02 - 2013-11-08 09:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{2EA247FF-3C72-44C1-8253-24D98E1E51C4}
2013-11-07 21:02 - 2013-11-07 21:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{6C80A30D-0B62-4E0B-9E2E-11394E47796C}
2013-11-07 09:01 - 2013-11-07 09:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{40DFC205-FD40-49B7-8FFD-83BBE0D2DA00}
2013-11-06 21:01 - 2013-11-06 21:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{9ADB06EE-8995-40C4-A1E0-3F7C8C3BDE54}
2013-11-06 09:01 - 2013-11-06 09:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{0CFAA56C-32F7-4BD5-BDA0-79ADEC622DEE}
2013-11-05 21:00 - 2013-11-05 21:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{93C8212C-04A9-481F-8D7A-D09913F93564}
2013-11-05 09:00 - 2013-11-05 09:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{E0424539-C448-4F18-8440-115C2D717CF9}
2013-11-04 21:00 - 2013-11-04 21:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{8DF8A954-7E6A-404A-BF15-EA35D68AC588}
2013-11-04 08:59 - 2013-11-04 09:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{B16D29B3-3C19-49E7-BDB9-513D274377AA}
2013-11-03 20:59 - 2013-11-03 20:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{46D66DD8-B028-4725-BE06-A24206900B75}
2013-11-03 08:59 - 2013-11-03 08:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{7AE15DAD-3D49-43CB-9DE6-14E48C529851}
2013-11-02 18:49 - 2013-11-02 18:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{C547B2FA-0EA0-44FA-9CCD-E1E08AAC2CAE}
2013-11-02 07:01 - 2013-11-02 07:01 - 00001175 _____ C:\Users\takezo\Desktop\November - Verknüpfung.lnk
2013-11-02 06:49 - 2013-11-02 06:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{FA3EFFD5-CE1F-4084-A7D9-F52C4FE8C8E7}
2013-11-01 09:36 - 2013-11-01 09:36 - 00000000 ____D C:\Users\takezo\AppData\Local\{9160682B-0BBF-489F-8A54-E938F83553E9}
2013-10-31 21:36 - 2013-10-31 21:36 - 00000000 ____D C:\Users\takezo\AppData\Local\{D3364484-32FF-40B0-B8F1-037291402CA4}
2013-10-31 09:35 - 2013-10-31 09:36 - 00000000 ____D C:\Users\takezo\AppData\Local\{C1354F50-077C-4C77-B21C-4EE226C63B47}
2013-10-30 22:20 - 2013-11-11 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 21:35 - 2013-10-30 21:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{FE357A81-8D3C-46FE-B01E-9731472EAAC5}
2013-10-30 09:35 - 2013-10-30 09:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{A7BD3ACC-B326-4710-A79D-9ACA389AE854}
2013-10-29 21:34 - 2013-10-29 21:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{CCD92D8E-7C5A-4CE7-A14A-C29E77AE7E90}
2013-10-29 09:44 - 2013-10-23 10:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-29 09:44 - 2013-10-23 10:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-29 09:44 - 2013-10-23 10:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-29 09:41 - 2013-10-18 01:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-29 09:41 - 2013-10-18 01:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-29 09:38 - 2013-09-27 23:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-29 09:38 - 2013-09-27 23:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-29 09:34 - 2013-10-29 09:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{9CC932EC-6B4C-4688-B47F-266EB1EAB1A5}
2013-10-28 08:38 - 2013-10-28 08:38 - 00000000 ____D C:\Users\takezo\AppData\Local\{8FC33A20-79B6-487A-A5B4-CFE5A4ACE312}
2013-10-27 20:38 - 2013-10-27 20:38 - 00000000 ____D C:\Users\takezo\AppData\Local\{6D87A2DB-D742-412B-AEF6-3FC35F78A1DE}
2013-10-27 08:37 - 2013-10-27 08:38 - 00000000 ____D C:\Users\takezo\AppData\Local\{59601BDD-0A83-4BF3-9DDF-962F7CF1F050}
2013-10-26 20:04 - 2013-10-26 20:05 - 00000000 ____D C:\Users\takezo\AppData\Local\{263617D9-CC1D-47B9-B22E-7797AE04F7DA}
2013-10-26 08:04 - 2013-10-26 08:04 - 00000000 ____D C:\Users\takezo\AppData\Local\{1D4026E1-5A35-4FEC-9B00-13346A85C7A6}
2013-10-25 20:20 - 2013-10-25 21:03 - 00000000 ____D C:\Users\takezo\Documents\Assassin's Creed III
2013-10-25 19:49 - 2013-10-25 19:49 - 00000000 ____D C:\Users\takezo\AppData\Local\Apps\2.0
2013-10-25 19:49 - 2013-10-25 19:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{D1DC136C-78CF-4DA5-9F95-ACA1A0CA13C5}
2013-10-25 19:32 - 2013-10-25 19:32 - 00001165 _____ C:\Users\takezo\Desktop\Uplay.lnk
2013-10-25 19:32 - 2013-10-25 19:32 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-10-25 15:36 - 2013-10-25 19:26 - 00035719 _____ C:\Windows\DirectX.log
2013-10-25 13:05 - 2013-10-25 13:06 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\takezo\Downloads\tdsskiller.exe
2013-10-25 07:49 - 2013-10-25 07:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{D70EFCC9-778E-45C2-ABEA-54DFCA8E7B61}
2013-10-24 19:48 - 2013-10-24 19:48 - 00000000 ____D C:\Users\takezo\AppData\Local\{37D049A6-B05F-44A5-BB8C-07F477F7AFE0}
2013-10-24 07:54 - 2013-11-11 21:52 - 00000000 ____D C:\Users\takezo\Desktop\Alte Firefox-Daten
2013-10-24 07:48 - 2013-10-24 07:48 - 00000000 ____D C:\Users\takezo\AppData\Local\{F6507408-3C7F-40BD-944C-8E5A324C5519}
2013-10-23 19:22 - 2013-10-23 19:22 - 00000000 ____D C:\Users\takezo\AppData\Local\{FF6AC9F1-6173-47A6-910A-6664DFEB3C98}
2013-10-23 15:46 - 2013-10-23 15:46 - 01955374 _____ (Farbar) C:\Users\takezo\Downloads\FRST64(1).exe
2013-10-23 07:21 - 2013-10-23 07:21 - 00000000 ____D C:\Users\takezo\AppData\Local\{7C7F560A-A464-4FD3-AB9E-B5934C5A567D}
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-22 19:21 - 2013-10-22 19:21 - 00000000 ____D C:\Users\takezo\AppData\Local\{9201E149-CEC6-4186-95D8-0733E1990002}
2013-10-22 12:13 - 2013-10-16 00:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-22 12:13 - 2013-10-16 00:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-22 09:14 - 2013-10-22 09:14 - 00000000 ____D C:\Program Files\VideoLAN
2013-10-22 09:12 - 2013-10-22 09:12 - 23280480 _____ C:\Users\takezo\Downloads\vlc-2.1.0-win64.exe
2013-10-22 07:20 - 2013-10-22 07:20 - 00000000 ____D C:\Users\takezo\AppData\Local\{7930521C-4E8B-4168-B104-31026A257C9D}
2013-10-21 18:13 - 2013-10-21 18:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 18:13 - 2013-10-21 18:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 18:13 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-21 09:45 - 2013-10-21 09:45 - 00000000 ____D C:\Users\takezo\AppData\Local\{4078EAD6-B357-4C6F-9E02-71193A28DCC1}
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Users\takezo\AppData\Local\{AD5B90A0-406C-44C5-8C57-AA49B8AA721C}
2013-10-20 09:44 - 2013-10-20 09:45 - 00000000 ____D C:\Users\takezo\AppData\Local\{A95B567E-CF0A-48EF-B1E3-7BCF60ED8814}
2013-10-19 09:08 - 2013-10-19 09:09 - 00000000 ____D C:\Users\takezo\AppData\Local\{34698E1E-E1CB-4F76-BA42-ACF565E3B001}
2013-10-18 21:08 - 2013-10-18 21:08 - 00000000 ____D C:\Users\takezo\AppData\Local\{06720CB0-D406-4A25-A6E6-159FDC749862}
2013-10-18 13:07 - 2013-10-18 13:09 - 00000000 ____D C:\Users\takezo\Documents\Hard Reset Extended
2013-10-18 13:05 - 2013-10-18 13:05 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Hard Reset
2013-10-18 13:04 - 2013-10-18 13:04 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Kalypso Media
2013-10-18 13:03 - 2013-10-18 13:03 - 00001289 _____ C:\Users\Public\Desktop\Hard Reset - Extended Edition.lnk
2013-10-18 12:56 - 2013-10-18 12:56 - 00000000 ____D C:\Program Files (x86)\Kalypso Media
2013-10-18 10:13 - 2013-10-18 10:12 - 01345792 _____ C:\Users\takezo\Downloads\Nexus-7-Handbuch-Setup(1).exe
2013-10-18 10:12 - 2013-10-18 10:12 - 01345792 _____ C:\Users\takezo\Downloads\Nexus-7-Handbuch-Setup.exe
2013-10-18 09:08 - 2013-10-18 09:08 - 00000000 ____D C:\Users\takezo\AppData\Local\{414C1435-E169-41CF-A560-BF4A3FE6E343}
2013-10-17 21:07 - 2013-10-17 21:08 - 00000000 ____D C:\Users\takezo\AppData\Local\{55DCD970-1D85-4A0A-AE01-1AFA376E89A6}
2013-10-17 09:07 - 2013-10-17 09:07 - 00000000 ____D C:\Users\takezo\AppData\Local\{8AC30231-7DCC-4F11-B278-D3C1A555865C}
2013-10-16 19:34 - 2013-10-16 19:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{DA94BA3E-F0AA-4859-8D08-8F87EEA0D4C5}
2013-10-16 14:31 - 2013-10-16 14:32 - 00000000 ____D C:\Program Files (x86)\HP Smart Document Scan Software 3
2013-10-16 14:31 - 2013-10-16 14:31 - 00002067 _____ C:\Users\Public\Desktop\HP Smart Document-Scansoftware 3.6.1.lnk
2013-10-16 07:47 - 2013-10-16 07:47 - 08955640 _____ C:\Users\takezo\Downloads\Visuals.zip
2013-10-16 07:34 - 2013-10-16 07:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{40926ED7-6661-4FF5-98CF-A4CCFE310B34}
2013-10-15 19:33 - 2013-10-15 19:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{EFBDF3FE-AD90-40C7-A0A5-B148791C17E1}
2013-10-15 07:42 - 2013-10-15 07:42 - 01371906 _____ C:\Users\takezo\Downloads\Nexus-7-Guidebook-2013.zip
2013-10-15 07:33 - 2013-10-15 07:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{AC814E64-E7FE-4A08-82EB-030ED1E1FBA8}

==================== One Month Modified Files and Folders =======

2013-11-14 08:17 - 2013-11-14 08:16 - 00024206 _____ C:\Users\takezo\Downloads\FRST.txt
2013-11-14 08:16 - 2013-11-14 08:16 - 00000000 ____D C:\FRST
2013-11-14 08:15 - 2013-11-14 08:15 - 01957794 _____ (Farbar) C:\Users\takezo\Downloads\FRST64.exe
2013-11-14 07:55 - 2013-10-02 12:09 - 00000340 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-11-14 07:54 - 2010-08-30 10:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-11-14 07:45 - 2009-07-14 04:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 07:45 - 2009-07-14 04:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 07:42 - 2010-08-30 10:04 - 01277985 _____ C:\Windows\WindowsUpdate.log
2013-11-14 07:40 - 2011-09-05 09:33 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 07:37 - 2011-09-05 09:33 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 07:37 - 2009-07-14 04:51 - 00101326 _____ C:\Windows\setupact.log
2013-11-14 07:36 - 2010-08-30 10:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-14 07:36 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 02:33 - 2012-07-15 08:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 02:09 - 2013-11-14 02:09 - 00000000 ____D C:\Users\takezo\AppData\Local\{479BB001-A4E2-4FE2-8E27-8FBBD106ABAA}
2013-11-13 10:12 - 2013-11-13 10:12 - 00000000 ____D C:\Users\takezo\AppData\Local\{DB3E866A-6CC3-486E-920D-0D0DC77BD88B}
2013-11-13 05:44 - 2013-11-12 12:34 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 00:32 - 2010-08-30 10:56 - 00056550 _____ C:\Windows\PFRO.log
2013-11-12 21:28 - 2013-11-12 21:28 - 00000000 ____D C:\Users\takezo\AppData\Local\{6E2B2D9B-6D9C-4892-8351-A3F9E5CD87E2}
2013-11-12 17:26 - 2013-11-12 17:26 - 00234768 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-12 17:26 - 2011-03-25 15:01 - 00234768 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-12 17:23 - 2013-11-12 17:23 - 00000000 ____D C:\Users\takezo\AppData\Local\PunkBuster
2013-11-12 17:22 - 2013-11-12 17:22 - 00000000 ____D C:\Users\takezo\Documents\Battlefield Play4Free
2013-11-12 16:35 - 2011-03-25 15:01 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-12 16:34 - 2013-11-12 16:34 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
2013-11-12 16:14 - 2013-11-12 16:14 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-11-12 13:20 - 2009-07-14 17:58 - 02510942 _____ C:\Windows\system32\perfh007.dat
2013-11-12 13:20 - 2009-07-14 17:58 - 01846640 _____ C:\Windows\system32\perfc007.dat
2013-11-12 13:20 - 2009-07-14 05:13 - 00006656 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 13:12 - 2013-11-12 13:12 - 05431956 _____ C:\Users\takezo\Downloads\WhatsApp_2_11_173.sis
2013-11-12 13:06 - 2013-11-12 13:06 - 03997560 _____ (BlueStack Systems, Inc.) C:\Users\takezo\Downloads\BlueStacks-ThinInstaller.exe
2013-11-12 13:05 - 2013-11-12 13:05 - 03180407 _____ C:\Users\takezo\Downloads\appguard-app.apk
2013-11-12 13:04 - 2013-11-12 13:04 - 11806928 _____ C:\Users\takezo\Downloads\WhatsApp.apk
2013-11-12 12:34 - 2010-09-27 11:47 - 00000000 ____D C:\Users\takezo\AppData\Local\Google
2013-11-12 12:34 - 2010-09-27 11:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-12 09:28 - 2013-11-12 09:27 - 00000000 ____D C:\Users\takezo\AppData\Local\{12CAA9D3-0A76-4254-8D3F-93721BD9535D}
2013-11-12 09:11 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-11 23:00 - 2013-11-11 23:00 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-11 23:00 - 2013-11-11 23:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-11 23:00 - 2013-10-30 22:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-11 22:42 - 2013-11-11 22:42 - 00283104 _____ (Mozilla) C:\Users\takezo\Downloads\Firefox Setup Stub 25.0.exe
2013-11-11 21:54 - 2013-11-11 21:54 - 00000000 ____D C:\Users\takezo\AppData\Local\TBHostSupport
2013-11-11 21:52 - 2013-10-24 07:54 - 00000000 ____D C:\Users\takezo\Desktop\Alte Firefox-Daten
2013-11-11 21:48 - 2013-11-11 21:45 - 00000000 ____D C:\Users\takezo\AppData\Local\Conduit
2013-11-11 21:48 - 2013-11-11 21:43 - 00000000 ____D C:\Users\takezo\AppData\Roaming\SearchProtect
2013-11-11 21:47 - 2013-11-11 21:42 - 00000009 _____ C:\END
2013-11-11 21:46 - 2013-11-11 21:44 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-11-11 21:45 - 2013-11-11 21:45 - 00000000 ____D C:\Users\takezo\AppData\Local\WhiteListing
2013-11-11 21:45 - 2013-11-11 21:45 - 00000000 ____D C:\ProgramData\Conduit
2013-11-11 21:44 - 2013-11-11 21:44 - 00000000 ____D C:\Users\takezo\AppData\Local\NativeMessaging
2013-11-11 21:44 - 2013-11-11 21:44 - 00000000 ____D C:\Users\takezo\AppData\Local\CRE
2013-11-11 21:44 - 2013-11-11 21:44 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-11-11 21:27 - 2013-11-11 21:27 - 00000000 ____D C:\Users\takezo\AppData\Local\{2850D5C3-47E3-4C14-AE13-12CFD0A574A6}
2013-11-11 09:27 - 2013-11-11 09:27 - 00000000 ____D C:\Users\takezo\AppData\Local\{99566EB5-2E46-4DA8-8998-257D706223D5}
2013-11-10 21:26 - 2013-11-10 21:26 - 00000000 ____D C:\Users\takezo\AppData\Local\{DA2E4DAA-AB4E-4289-BB17-9F7372C8DBB6}
2013-11-10 09:26 - 2013-11-10 09:26 - 00000000 ____D C:\Users\takezo\AppData\Local\{41459571-32C7-4FE0-9A29-5D7ABE27F58B}
2013-11-09 21:03 - 2013-11-09 21:03 - 00000000 ____D C:\Users\takezo\AppData\Local\{38FE0129-3C99-46D8-90C0-26A3E479F0B3}
2013-11-09 09:03 - 2013-11-09 09:03 - 00000000 ____D C:\Users\takezo\AppData\Local\{002FF69F-6ED2-4D0F-86CF-BD57380CE5C0}
2013-11-08 21:03 - 2013-11-08 21:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{772F7ED0-65B5-4CAC-B94E-4B244FA10C26}
2013-11-08 09:02 - 2013-11-08 09:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{2EA247FF-3C72-44C1-8253-24D98E1E51C4}
2013-11-07 21:02 - 2013-11-07 21:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{6C80A30D-0B62-4E0B-9E2E-11394E47796C}
2013-11-07 09:23 - 2013-08-14 11:40 - 00623200 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-11-07 09:23 - 2013-05-06 08:22 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2013-11-07 09:02 - 2013-11-07 09:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{40DFC205-FD40-49B7-8FFD-83BBE0D2DA00}
2013-11-06 21:01 - 2013-11-06 21:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{9ADB06EE-8995-40C4-A1E0-3F7C8C3BDE54}
2013-11-06 09:01 - 2013-11-06 09:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{0CFAA56C-32F7-4BD5-BDA0-79ADEC622DEE}
2013-11-05 21:00 - 2013-11-05 21:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{93C8212C-04A9-481F-8D7A-D09913F93564}
2013-11-05 09:00 - 2013-11-05 09:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{E0424539-C448-4F18-8440-115C2D717CF9}
2013-11-04 21:00 - 2013-11-04 21:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{8DF8A954-7E6A-404A-BF15-EA35D68AC588}
2013-11-04 12:13 - 2010-08-30 13:28 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Skype
2013-11-04 11:54 - 2010-08-30 12:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-04 11:54 - 2010-08-30 12:12 - 00000000 ____D C:\ProgramData\Skype
2013-11-04 09:00 - 2013-11-04 08:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{B16D29B3-3C19-49E7-BDB9-513D274377AA}
2013-11-03 20:59 - 2013-11-03 20:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{46D66DD8-B028-4725-BE06-A24206900B75}
2013-11-03 08:59 - 2013-11-03 08:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{7AE15DAD-3D49-43CB-9DE6-14E48C529851}
2013-11-02 18:49 - 2013-11-02 18:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{C547B2FA-0EA0-44FA-9CCD-E1E08AAC2CAE}
2013-11-02 07:01 - 2013-11-02 07:01 - 00001175 _____ C:\Users\takezo\Desktop\November - Verknüpfung.lnk
2013-11-02 06:49 - 2013-11-02 06:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{FA3EFFD5-CE1F-4084-A7D9-F52C4FE8C8E7}
2013-11-01 09:36 - 2013-11-01 09:36 - 00000000 ____D C:\Users\takezo\AppData\Local\{9160682B-0BBF-489F-8A54-E938F83553E9}
2013-10-31 21:36 - 2013-10-31 21:36 - 00000000 ____D C:\Users\takezo\AppData\Local\{D3364484-32FF-40B0-B8F1-037291402CA4}
2013-10-31 09:36 - 2013-10-31 09:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{C1354F50-077C-4C77-B21C-4EE226C63B47}
2013-10-30 21:35 - 2013-10-30 21:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{FE357A81-8D3C-46FE-B01E-9731472EAAC5}
2013-10-30 09:35 - 2013-10-30 09:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{A7BD3ACC-B326-4710-A79D-9ACA389AE854}
2013-10-29 21:35 - 2013-10-29 21:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{CCD92D8E-7C5A-4CE7-A14A-C29E77AE7E90}
2013-10-29 09:48 - 2010-08-30 10:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-29 09:41 - 2010-08-30 10:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-29 09:41 - 2010-08-30 10:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-29 09:34 - 2013-10-29 09:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{9CC932EC-6B4C-4688-B47F-266EB1EAB1A5}
2013-10-28 08:38 - 2013-10-28 08:38 - 00000000 ____D C:\Users\takezo\AppData\Local\{8FC33A20-79B6-487A-A5B4-CFE5A4ACE312}
2013-10-28 05:52 - 2009-07-14 05:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 20:38 - 2013-10-27 20:38 - 00000000 ____D C:\Users\takezo\AppData\Local\{6D87A2DB-D742-412B-AEF6-3FC35F78A1DE}
2013-10-27 08:38 - 2013-10-27 08:37 - 00000000 ____D C:\Users\takezo\AppData\Local\{59601BDD-0A83-4BF3-9DDF-962F7CF1F050}
2013-10-26 20:05 - 2013-10-26 20:04 - 00000000 ____D C:\Users\takezo\AppData\Local\{263617D9-CC1D-47B9-B22E-7797AE04F7DA}
2013-10-26 08:04 - 2013-10-26 08:04 - 00000000 ____D C:\Users\takezo\AppData\Local\{1D4026E1-5A35-4FEC-9B00-13346A85C7A6}
2013-10-25 21:03 - 2013-10-25 20:20 - 00000000 ____D C:\Users\takezo\Documents\Assassin's Creed III
2013-10-25 19:49 - 2013-10-25 19:49 - 00000000 ____D C:\Users\takezo\AppData\Local\Apps\2.0
2013-10-25 19:49 - 2013-10-25 19:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{D1DC136C-78CF-4DA5-9F95-ACA1A0CA13C5}
2013-10-25 19:33 - 2010-12-29 20:53 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-10-25 19:33 - 2010-08-30 19:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-25 19:32 - 2013-10-25 19:32 - 00001165 _____ C:\Users\takezo\Desktop\Uplay.lnk
2013-10-25 19:32 - 2013-10-25 19:32 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2013-10-25 19:26 - 2013-10-25 15:36 - 00035719 _____ C:\Windows\DirectX.log
2013-10-25 13:06 - 2013-10-25 13:05 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\takezo\Downloads\tdsskiller.exe
2013-10-25 07:49 - 2013-10-25 07:49 - 00000000 ____D C:\Users\takezo\AppData\Local\{D70EFCC9-778E-45C2-ABEA-54DFCA8E7B61}
2013-10-24 19:48 - 2013-10-24 19:48 - 00000000 ____D C:\Users\takezo\AppData\Local\{37D049A6-B05F-44A5-BB8C-07F477F7AFE0}
2013-10-24 16:06 - 2012-11-28 13:04 - 00002119 _____ C:\Users\Public\Desktop\SDL Trados Studio 2011.lnk
2013-10-24 07:48 - 2013-10-24 07:48 - 00000000 ____D C:\Users\takezo\AppData\Local\{F6507408-3C7F-40BD-944C-8E5A324C5519}
2013-10-23 22:48 - 2010-08-30 10:20 - 00000000 ____D C:\Users\takezo
2013-10-23 19:22 - 2013-10-23 19:22 - 00000000 ____D C:\Users\takezo\AppData\Local\{FF6AC9F1-6173-47A6-910A-6664DFEB3C98}
2013-10-23 16:01 - 2010-10-30 19:08 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-10-23 15:46 - 2013-10-23 15:46 - 01955374 _____ (Farbar) C:\Users\takezo\Downloads\FRST64(1).exe
2013-10-23 10:30 - 2013-10-29 09:44 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 10:30 - 2013-10-29 09:44 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 10:30 - 2013-10-29 09:44 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 10:30 - 2012-10-10 21:23 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 10:30 - 2012-10-10 21:23 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 10:30 - 2012-10-10 21:23 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 10:30 - 2012-10-10 21:22 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 10:30 - 2012-10-10 21:22 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 10:30 - 2010-08-30 10:31 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 08:20 - 2010-10-16 13:13 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 08:20 - 2010-10-16 13:13 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 08:20 - 2010-10-16 13:13 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-23 08:20 - 2010-10-16 13:13 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 08:20 - 2010-10-16 13:13 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 08:20 - 2010-07-09 15:17 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 07:21 - 2013-10-23 07:21 - 00000000 ____D C:\Users\takezo\AppData\Local\{7C7F560A-A464-4FD3-AB9E-B5934C5A567D}
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-22 19:21 - 2013-10-22 19:21 - 00000000 ____D C:\Users\takezo\AppData\Local\{9201E149-CEC6-4186-95D8-0733E1990002}
2013-10-22 18:04 - 2010-08-30 12:11 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-10-22 09:14 - 2013-10-22 09:14 - 00000000 ____D C:\Program Files\VideoLAN
2013-10-22 09:12 - 2013-10-22 09:12 - 23280480 _____ C:\Users\takezo\Downloads\vlc-2.1.0-win64.exe
2013-10-22 07:20 - 2013-10-22 07:20 - 00000000 ____D C:\Users\takezo\AppData\Local\{7930521C-4E8B-4168-B104-31026A257C9D}
2013-10-21 18:14 - 2013-10-21 18:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 18:13 - 2013-10-21 18:13 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 09:45 - 2013-10-21 09:45 - 00000000 ____D C:\Users\takezo\AppData\Local\{4078EAD6-B357-4C6F-9E02-71193A28DCC1}
2013-10-20 21:45 - 2013-10-20 21:45 - 00000000 ____D C:\Users\takezo\AppData\Local\{AD5B90A0-406C-44C5-8C57-AA49B8AA721C}
2013-10-20 09:45 - 2013-10-20 09:44 - 00000000 ____D C:\Users\takezo\AppData\Local\{A95B567E-CF0A-48EF-B1E3-7BCF60ED8814}
2013-10-19 09:09 - 2013-10-19 09:08 - 00000000 ____D C:\Users\takezo\AppData\Local\{34698E1E-E1CB-4F76-BA42-ACF565E3B001}
2013-10-18 21:08 - 2013-10-18 21:08 - 00000000 ____D C:\Users\takezo\AppData\Local\{06720CB0-D406-4A25-A6E6-159FDC749862}
2013-10-18 13:09 - 2013-10-18 13:07 - 00000000 ____D C:\Users\takezo\Documents\Hard Reset Extended
2013-10-18 13:05 - 2013-10-18 13:05 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Hard Reset
2013-10-18 13:04 - 2013-10-18 13:04 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Kalypso Media
2013-10-18 13:03 - 2013-10-18 13:03 - 00001289 _____ C:\Users\Public\Desktop\Hard Reset - Extended Edition.lnk
2013-10-18 12:56 - 2013-10-18 12:56 - 00000000 ____D C:\Program Files (x86)\Kalypso Media
2013-10-18 10:12 - 2013-10-18 10:13 - 01345792 _____ C:\Users\takezo\Downloads\Nexus-7-Handbuch-Setup(1).exe
2013-10-18 10:12 - 2013-10-18 10:12 - 01345792 _____ C:\Users\takezo\Downloads\Nexus-7-Handbuch-Setup.exe
2013-10-18 09:08 - 2013-10-18 09:08 - 00000000 ____D C:\Users\takezo\AppData\Local\{414C1435-E169-41CF-A560-BF4A3FE6E343}
2013-10-18 01:36 - 2013-10-29 09:41 - 01063200 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-18 01:36 - 2013-10-29 09:41 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-17 21:08 - 2013-10-17 21:07 - 00000000 ____D C:\Users\takezo\AppData\Local\{55DCD970-1D85-4A0A-AE01-1AFA376E89A6}
2013-10-17 09:36 - 2013-10-02 12:13 - 00000000 ___RD C:\Users\takezo\Documents\HP Photo Creations
2013-10-17 09:35 - 2013-10-02 12:09 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-10-17 09:07 - 2013-10-17 09:07 - 00000000 ____D C:\Users\takezo\AppData\Local\{8AC30231-7DCC-4F11-B278-D3C1A555865C}
2013-10-16 19:34 - 2013-10-16 19:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{DA94BA3E-F0AA-4859-8D08-8F87EEA0D4C5}
2013-10-16 14:32 - 2013-10-16 14:31 - 00000000 ____D C:\Program Files (x86)\HP Smart Document Scan Software 3
2013-10-16 14:31 - 2013-10-16 14:31 - 00002067 _____ C:\Users\Public\Desktop\HP Smart Document-Scansoftware 3.6.1.lnk
2013-10-16 07:47 - 2013-10-16 07:47 - 08955640 _____ C:\Users\takezo\Downloads\Visuals.zip
2013-10-16 07:34 - 2013-10-16 07:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{40926ED7-6661-4FF5-98CF-A4CCFE310B34}
2013-10-16 00:48 - 2013-10-22 12:13 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-16 00:48 - 2013-10-22 12:13 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-15 19:33 - 2013-10-15 19:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{EFBDF3FE-AD90-40C7-A0A5-B148791C17E1}
2013-10-15 07:42 - 2013-10-15 07:42 - 01371906 _____ C:\Users\takezo\Downloads\Nexus-7-Guidebook-2013.zip
2013-10-15 07:33 - 2013-10-15 07:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{AC814E64-E7FE-4A08-82EB-030ED1E1FBA8}

Some content of TEMP:
====================
C:\Users\takezo\AppData\Local\Temp\install_reader11_de_mssd_aaa_aih.exe
C:\Users\takezo\AppData\Local\Temp\nsa7DCC.exe
C:\Users\takezo\AppData\Local\Temp\nsaFB54.exe
C:\Users\takezo\AppData\Local\Temp\nsg9C41.exe
C:\Users\takezo\AppData\Local\Temp\nsgAB32.exe
C:\Users\takezo\AppData\Local\Temp\nsqDE21.exe
C:\Users\takezo\AppData\Local\Temp\nsv17E6.exe
C:\Users\takezo\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\takezo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\takezo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\takezo\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\takezo\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\takezo\AppData\Local\Temp\nvStInst.exe
C:\Users\takezo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\takezo\AppData\Local\Temp\SPStub.exe
C:\Users\takezo\AppData\Local\Temp\tbConn.dll
C:\Users\takezo\AppData\Local\Temp\ubiF6FF.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-11 02:11

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Und hier auch gleich der Addition Inhalt:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by takezo at 2013-11-14 08:18:23
Running from C:\Users\takezo\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Across Personal Edition (x32 Version: 5.00.0)
Adobe Acrobat 6.0 Professional (x32 Version: 006.000.000)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Content Viewer (x32 Version: 1.4.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
AIDA64 Extreme Edition v3.00 (x32 Version: 3.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Application Verifier (x64) (Version: 4.1.1078)
Assassin's Creed(R) III v1.03 (x32 Version: 1.03)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Autodesk Express Viewer (x32 Version: 3.1)
Battlefield Play4Free (HKCU)
BCL easyConverter SDK 1.0.0 (x32 Version: 1.00.0034)
BioShock 2 (x32 Version: 1.0.0003.131)
BioShock 2 (x32 Version: 1.00.0000)
Bonjour (Version: 3.0.0.10)
Chinese Simplified Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
Chinese Traditional Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
Crysis® 2 (x32 Version: 1.0.0.0)
CygniCon (x32 Version: 1.0.8.6)
D3DX10 (x32 Version: 15.4.2368.0902)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Defraggler (Version: 2.15)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
EA Download Manager (x32 Version: 4.0.0.455)
eMule (x32)
ESET Online Scanner v3 (x32)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (x32 Version: 31.0.1650.48)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Hard Reset - Extended Edition version 1.5 (x32 Version: 1.5)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 28.0.1315.0)
HP Photo Creations (x32 Version: 1.0.0.12412)
HP Smart Document Scan Software (x32 Version: 3.60.1000)
HP Update (x32 Version: 5.003.003.001)
Idiom WorldServer Desktop Workbench (x32 Version: 9.0.1.60)
ImgBurn (x32 Version: 2.5.5.0)
iTunes (Version: 11.0.3.42)
J2SE Runtime Environment 5.0 Update 10 (x32 Version: 1.5.0.100)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security (x32 Version: 14.0.0.4651)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect™ 3 (x32 Version: 1.04.0.0)
memoQ 6.2 (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Publisher 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (ACROSS) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Microsoft WSE 2.0 SP3 Runtime (x32 Version: 2.0.5050.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0)
Nero BackItUp 10 (x32 Version: 5.4.11600.19.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Burning ROM 10 (x32 Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700)
Nero BurnRights 10 (x32 Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Control Center 10 (x32 Version: 10.0.12000.1.4)
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Core Components 10 (x32 Version: 2.0.13700.0.1)
Nero CoverDesigner 10 (x32 Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600)
Nero DiscSpeed 10 (x32 Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10)
Nero Express 10 (x32 Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700)
Nero InfoTool 10 (x32 Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600)
Nero MediaHub 10 (x32 Version: 1.0.13400.11.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Multimedia Suite 10 (x32 Version: 10.0.13100)
Nero Recode 10 (x32 Version: 4.6.10900.4.100)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600)
Nero RescueAgent 10 (x32 Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700)
Nero SoundTrax 10 (x32 Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600)
Nero StartSmart 10 (x32 Version: 10.0.11200.12.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Update (x32 Version: 1.0.0017)
Nero Vision 10 (x32 Version: 7.0.11100.8.100)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600)
Nero WaveEditor 10 (x32 Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600)
Norwegisch AKTIV Demo (x32)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)
NVIDIA 3D Vision Controller-Treiber 331.65 (Version: 331.65)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65)
NVIDIA GeForce Experience 1.7 (Version: 1.7)
NVIDIA Grafiktreiber 331.65 (Version: 331.65)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.16 (Version: 9.3.16)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165)
NVIDIA Systemsteuerung 331.65 (Version: 331.65)
NVIDIA Update 9.3.16 (Version: 9.3.16)
NVIDIA Update Components (Version: 9.3.16)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
Open XML SDK 2.0 for Microsoft Office (x32 Version: 2.0.5022)
Origin (x32 Version: 9.1.3.2637)
PaperPort (x32 Version: 9.02.0814)
PosteRazor (x32 Version: 1.5)
PunkBuster Services (x32 Version: 0.990)
QuickTime (x32 Version: 7.74.80.86)
RealPlayer (x32 Version: 15.0.4)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Rosetta Stone Version 3 (x32 Version: 3.3.7.0)
RT 7 Lite (64-Bit) (HKCU Version: 2.6.0)
RT 7 Lite x64 (Version: 2.6.0)
Safari (x32 Version: 5.34.57.2)
Samsung Kies (x32 Version: 2.5.0.12114_1)
Samsung Mobile phone USB driver Drive Software
Samsung New PC Studio (x32 Version: 1.00.0000)
Samsung PC Studio 3 USB Driver Installer (x32 Version: 3.2.0.70701)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Sapo movel (x32 Version: 16.001.06.00.84)
Screenshot Captor 2.88.01 (x32)
SDL MultiTerm SideBySide Tools (x32 Version: 1.0.181)
SDL Passolo 2009 Essential SR3 (x32 Version: SDL Passolo 2009 Essential SR3)
SDL Passolo Essential 2011 SP6 (x32 Version: 11.6.0.0)
SDL Trados 2007 Freelance (x32 Version: 8.2.835)
SDL Trados 2011 SP2R - Remove suite of products (x32 Version: 2.2.3046)
SDL Trados Studio 2009 SP3 (x32 Version: 1.3.2307.0)
SDL Trados Studio 2011 SP2R (x32 Version: 2.2.3109)
SDL Trados Synergy 2007 (x32 Version: 2.1.132.0)
SDL XLIFF Converter for Microsoft Office (x32 Version: 1.0.0)
SDLX (x32 Version: 9.2.7035)
Search Protect by conduit (x32 Version: 1.7.0.72)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
SHIELD Streaming (Version: 1.6.34)
SiSoftware Sandra Lite 2011.SP5 (Version: 17.80.2011.10)
Skype™ 6.9 (x32 Version: 6.9.106)
softOSD Client (Build 1445) (x32)
Steam (x32 Version: 1.0.0.0)
StreamTorrent 1.0 (x32)
System Requirements Lab (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
UltraISO Premium V9.36 (x32)
Unigine Heaven DX11 Benchmark 2.5 version 2.5 (x32 Version: 2.5)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.0)
Veetle TV (x32 Version: 0.9.19)
VLC media player 2.1.0 (Version: 2.1.0)
vShare.tv plugin 1.3 (x32 Version: 1.3)
WIDCOMM Bluetooth Software (Version: 6.2.1.2600)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR Archivierer (x32)
Wordfast (x32)
XBMC (HKCU)
Xiph.Org Open Codecs 0.84.17359 (x32 Version: 0.84.17359)

==================== Restore Points  =========================

30-10-2013 13:41:16 Geplanter Prüfpunkt
07-11-2013 00:58:29 Geplanter Prüfpunkt
11-11-2013 21:43:37 Installed Zamzom Wireless

==================== Hosts content: ==========================

2009-07-14 02:34 - 2013-08-08 16:29 - 00434097 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {096BDEBF-BA00-40DD-834D-623E0FAE9827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0E9AFC25-4523-4951-9309-6F9522AC8266} - System32\Tasks\Dealply => C:\Users\takezo\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: {254FE186-6D67-4E1A-9086-2618E31FA0D8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3AEC12E8-AA2B-46AA-ABA8-8BE1DB57A2F7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3910134369-2734785477-1122838081-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {3FEABF15-BBD2-479F-896C-54FFFF9C2627} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {4D292446-79FD-4571-A06A-873D536DE552} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {58A432A0-F99C-4C04-A098-54BFF6356D87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {7D5453F1-E363-4277-BDD1-D4DB11083D3D} - System32\Tasks\{5972AF8D-CC82-419B-AFB5-A66FFDB3D837} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {8008DF15-EC18-46D7-80BB-40492C4D3F65} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8DC3736E-4C5B-4C99-8035-C7AB90E53262} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe
Task: {9B54A048-E8D9-4527-95DF-F4DB213B211E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {B7BE82A3-35C4-4E57-A266-677A4597CC4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D2E770E9-5CE3-47A2-AB97-C1DA648E1BB1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3910134369-2734785477-1122838081-1001 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {DB590F86-0284-49C2-A313-341B022AAE69} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] ()
Task: {F21148BB-A4B6-4F9C-8D9B-655F2F5A3418} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-06-17 11:35 - 2013-06-17 11:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 13:52 - 2013-05-08 13:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-11-11 23:00 - 2013-10-26 01:53 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:netNLSPreferences
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Diskettenlaufwerk
Description: Diskettenlaufwerk
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standarddiskettenlaufwerke)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2013 07:37:23 AM) (Source: MSSQL$ACROSS) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (11/14/2013 07:37:23 AM) (Source: MSSQL$ACROSS) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (11/14/2013 07:37:06 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceMain Version 2. (Error: 87)

Error: (11/13/2013 11:46:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8424

Error: (11/13/2013 11:46:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8424

Error: (11/13/2013 11:46:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/13/2013 04:48:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (11/13/2013 06:11:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13042

Error: (11/13/2013 06:11:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13042

Error: (11/13/2013 06:11:59 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/14/2013 07:37:51 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
tvtool

Error: (11/14/2013 07:37:14 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NewServiceInstall1" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%193

Error: (11/14/2013 07:36:26 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (11/14/2013 02:07:57 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/13/2013 06:12:04 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (11/13/2013 00:33:43 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
tvtool

Error: (11/13/2013 00:33:23 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/13/2013 00:33:23 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (11/13/2013 00:33:10 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NewServiceInstall1" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%193

Error: (11/13/2013 00:32:23 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (02/18/2013 07:54:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4351 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/05/2012 09:03:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1671 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 07:37:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 675 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 07:25:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 07:24:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3566 seconds with 2040 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 09:48:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6980 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (07/12/2011 03:37:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1553 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (09/24/2010 05:57:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 797 seconds with 300 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-10-22 18:34:59.760
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TMP00000049F35007B31D472B69" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 18:34:59.612
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TMP00000049F35007B31D472B69" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 18:34:59.432
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TMP00000049F35007B31D472B69" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 18:02:37.248
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 18:02:37.227
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 18:02:37.225
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:47:57.269
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:47:57.267
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-22 16:47:57.264
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-21 19:26:44.229
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\Temp\TMP00000049F35007B31D472B69" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 4091.49 MB
Available physical RAM: 1988.94 MB
Total Pagefile: 10089.67 MB
Available Pagefile: 7626.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:276.11 GB) NTFS
Drive d: (AC3) (CDROM) (Total:7.59 GB) (Free:0 GB) UDF
Drive e: (MUNEYOSHI) (Fixed) (Total:931.51 GB) (Free:650.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 825C8D9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Beim Durchsehen ist mir der Text unter "Hosts Content" aufgefallen.
Ich hab vor ein paar Tagen wegen der Befürchtung, dass jemand auf meiner Internetwelle surft, nach einem Programm gesucht, mit dem ich das prüfen kann (Zamzom Wireless). Hatte dann auch gleich das Problem, dass sich ne nervige Toolbar in Chrome und Firefox installierte. Sollte ich eigentlich besser wissen, ich weiß;(

cosinus · 17.11.2013, 22:07

Hallo und

GMX-Passwort hast du schon geändert? Wenn nicht das jetzt umgehend erledigen!

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Takezo64 · 18.11.2013, 16:01

Hi!
Das Passwort hab ich schon deshalb geändert, weil GMX mein Konto wegen verdächtiger Aktivitäten zeitweise gesperrt hat. Allerdings habe ich jetzt jeden Tag Hunderte fehlgeschlagener Anmeldeversuche. Na ja, immerhin scheint GMX das nicht groß zu kümmern. Mich würde mal interessieren, diese Anmeldvrsuche kommen ja wohl von einem Spammer, oder?

Was die Protokolle betrifft, so habe ich Malwarebytes mehrmals letzte Woche ausgeführt und immer Bedrohungen gefunden. Allerdings habe ich die Funde auch gleich bereinigt. (DIe meisten vom Typ PUP.optional...) Sorry! Schien mit angebracht, weil ich, wie gesagt, GMX zum Arbeiten verwende und es wahnsinnig nervig wäre, ne neu Adresse einrichten zu müssen.

Hier ein OTL Log von heute:

Code:

ATTFilter

OTL logfile created on: 18.11.2013 12:06:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\takezo\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,16% Memory free
9,85 Gb Paging File | 7,23 Gb Available in Paging File | 73,38% Paging File free
Paging file location(s): c:\pagefile.sys 6000 12000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 280,19 Gb Free Space | 60,17% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 648,26 Gb Free Space | 69,59% Space Free | Partition Type: NTFS
 
Computer Name: TAKEZO-PC | User Name: takezo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\takezo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe ()
PRC - C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Windows\SysWOW64\softLCP.exe (EnTech Taiwan)
PRC - C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\46ecb4d070c6544e3fdc98babdfa64f7\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\914ef80bae2982be1cca1ff78ea70413\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\79c00c33c9b15f1c0218e8500a7a95d1\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d8e116b499242450cf3dfa19d008c6d5\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1ea33367a418c3425d62c57c320944ba\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ee2269a68f0aa96d88f891318f8d6cef\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Practices#\25b26b9d79ba2917df8a188cc7d83fa6\Microsoft.Practices.ServiceLocation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\e9c64e3754d690b4edbc91cff7870def\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\876a6e3ad28ad8fb6303fd81630f4366\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\625ef7b392f799bdd0ebe0e364bc7b40\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9d45dce6549781f8eaf4bfa5f1311bc6\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c0a67abed7df54004613628d9db92a68\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ddab8d958a389e0578db75ff35a5d772\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NvStreamSvc) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (avp) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Kaspersky Lab ZAO)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NalServ) -- C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Kilgray: memoQ update permissions manager. 2595325.) -- C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe ()
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (softOSD) -- C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe (SiSoftware)
SRV - (NewServiceInstall1) -- C:\Program Files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (klflt) -- C:\Windows\SysNative\drivers\klflt.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (klpd) -- C:\Windows\SysNative\drivers\klpd.sys (Kaspersky Lab ZAO)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (se64a) -- C:\Windows\SysNative\drivers\se64a.sys (EnTech Taiwan)
DRV:64bit: - (BTWUSB) -- C:\Windows\SysNative\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (se64a) -- C:\Windows\SysWOW64\drivers\se64a.sys (EnTech Taiwan)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 62 97 C7 B8 51 CB 01  [binary data]
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{2EB24800-C98E-40B6-8D84-731976BC6A0A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN34622877863902463&UM=2
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1008\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.5
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.8.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.08.07 23:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013.10.02 15:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013.11.07 09:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013.10.02 15:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013.10.02 15:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013.10.02 15:37:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.11.15 23:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.14 06:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions
[2012.04.14 06:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles
[2012.04.14 06:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions
[2012.04.14 06:18:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.14 06:18:22 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.11.13 00:35:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\dxsiuzp1.default\extensions
[2013.11.11 23:39:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\dxsiuzp1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.08 06:46:27 | 000,113,603 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\nosquint@urandom.ca.xpi
[2012.04.14 05:41:31 | 000,576,962 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\toolbar@web.de.xpi
[2011.09.16 09:45:49 | 000,688,336 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}.xpi
[2011.08.03 07:26:41 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012.04.04 05:42:15 | 000,520,884 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.01.06 11:08:49 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.24 06:39:53 | 000,686,225 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011.08.03 07:26:41 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2013.11.13 00:35:25 | 000,589,081 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\dxsiuzp1.default\extensions\toolbar@gmx.net.xpi
[2013.11.11 23:39:37 | 000,534,744 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\dxsiuzp1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.11.11 23:07:20 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\dxsiuzp1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.11.13 00:35:38 | 000,002,353 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\dxsiuzp1.default\searchplugins\englische-ergebnisse.xml
[2013.11.13 00:35:37 | 000,002,822 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\dxsiuzp1.default\searchplugins\gmx-suche.xml
[2013.11.13 00:35:38 | 000,002,432 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\dxsiuzp1.default\searchplugins\lastminute.xml
[2013.11.13 00:35:37 | 000,005,637 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\dxsiuzp1.default\searchplugins\webde-suche.xml
[2013.11.15 23:20:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.11.15 23:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.11.15 23:20:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Learn Norwegian = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkaecdhlnfkbaclahgdlkmpcoheacal\1.0_0\
CHR - Extension: Google-Suche = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: AdBlock = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0\
CHR - Extension: Modul zum Sperren von gef\u00E4hrlichen Webseiten = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0\
CHR - Extension: Virtual Keyboard = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4794_0\
CHR - Extension: Google Wallet = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Mail = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.08.08 16:29:55 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [60B4777B1CB62094B64B93BC48B5F6412B595D84._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [TBHostSupport] C:\Users\takezo\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Zu Anti-Banner hinzufügen - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Link-Untersuchung - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7298A0-86C5-42B2-8D33-EEC3FF16E7A7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A06C56FD-272D-4340-BD27-4A9245B13AA5}: NameServer = 88.214.182.2 88.214.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.04.05 19:46:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2013.10.22 12:34:01 | 000,000,000 | ---D | M] - E:\Auto -- [ NTFS ]
O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.11.15 23:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.11.15 05:23:22 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.11.15 05:23:22 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.11.15 05:23:22 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.11.15 05:23:22 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.11.15 05:23:22 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.11.15 05:22:54 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.11.15 05:22:54 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.11.15 05:22:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013.11.15 05:22:54 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013.11.15 05:22:54 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013.11.15 05:22:49 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.11.15 05:22:36 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.15 05:22:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.15 05:22:34 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.15 05:22:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.15 05:22:33 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.15 05:22:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.15 05:22:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.15 05:22:23 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.11.15 05:22:08 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.11.15 05:22:08 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.11.15 05:22:08 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.11.15 05:22:08 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.11.15 05:18:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\takezo\Desktop\OTL.exe
[2013.11.15 05:00:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.11.14 08:16:09 | 000,000,000 | ---D | C] -- C:\FRST
[2013.11.14 02:09:10 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{479BB001-A4E2-4FE2-8E27-8FBBD106ABAA}
[2013.11.13 10:12:05 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{DB3E866A-6CC3-486E-920D-0D0DC77BD88B}
[2013.11.12 21:28:15 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{6E2B2D9B-6D9C-4892-8351-A3F9E5CD87E2}
[2013.11.12 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\PunkBuster
[2013.11.12 17:22:06 | 000,000,000 | ---D | C] -- C:\Users\takezo\Documents\Battlefield Play4Free
[2013.11.12 16:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013.11.12 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.11.12 09:27:49 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{12CAA9D3-0A76-4254-8D3F-93721BD9535D}
[2013.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.11.11 21:54:42 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\TBHostSupport
[2013.11.11 21:45:50 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\WhiteListing
[2013.11.11 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\NativeMessaging
[2013.11.11 21:44:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\CRE
[2013.11.11 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{2850D5C3-47E3-4C14-AE13-12CFD0A574A6}
[2013.11.11 09:27:12 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{99566EB5-2E46-4DA8-8998-257D706223D5}
[2013.11.10 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{DA2E4DAA-AB4E-4289-BB17-9F7372C8DBB6}
[2013.11.10 09:26:33 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{41459571-32C7-4FE0-9A29-5D7ABE27F58B}
[2013.11.09 21:03:26 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{38FE0129-3C99-46D8-90C0-26A3E479F0B3}
[2013.11.09 09:03:14 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{002FF69F-6ED2-4D0F-86CF-BD57380CE5C0}
[2013.11.08 21:02:49 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{772F7ED0-65B5-4CAC-B94E-4B244FA10C26}
[2013.11.08 09:02:37 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{2EA247FF-3C72-44C1-8253-24D98E1E51C4}
[2013.11.07 21:02:11 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{6C80A30D-0B62-4E0B-9E2E-11394E47796C}
[2013.11.07 09:01:59 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{40DFC205-FD40-49B7-8FFD-83BBE0D2DA00}
[2013.11.06 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{9ADB06EE-8995-40C4-A1E0-3F7C8C3BDE54}
[2013.11.06 09:01:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{0CFAA56C-32F7-4BD5-BDA0-79ADEC622DEE}
[2013.11.05 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{93C8212C-04A9-481F-8D7A-D09913F93564}
[2013.11.05 09:00:30 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{E0424539-C448-4F18-8440-115C2D717CF9}
[2013.11.04 21:00:05 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{8DF8A954-7E6A-404A-BF15-EA35D68AC588}
[2013.11.04 08:59:53 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B16D29B3-3C19-49E7-BDB9-513D274377AA}
[2013.11.03 20:59:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{46D66DD8-B028-4725-BE06-A24206900B75}
[2013.11.03 08:59:14 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{7AE15DAD-3D49-43CB-9DE6-14E48C529851}
[2013.11.02 18:49:45 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C547B2FA-0EA0-44FA-9CCD-E1E08AAC2CAE}
[2013.11.02 06:49:33 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{FA3EFFD5-CE1F-4084-A7D9-F52C4FE8C8E7}
[2013.11.01 09:36:36 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{9160682B-0BBF-489F-8A54-E938F83553E9}
[2013.10.31 21:36:11 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D3364484-32FF-40B0-B8F1-037291402CA4}
[2013.10.31 09:35:59 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C1354F50-077C-4C77-B21C-4EE226C63B47}
[2013.10.30 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{FE357A81-8D3C-46FE-B01E-9731472EAAC5}
[2013.10.30 09:35:21 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A7BD3ACC-B326-4710-A79D-9ACA389AE854}
[2013.10.29 21:34:56 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{CCD92D8E-7C5A-4CE7-A14A-C29E77AE7E90}
[2013.10.29 09:44:40 | 030,344,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.10.29 09:44:40 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.10.29 09:44:40 | 022,933,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.10.29 09:44:40 | 018,199,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.10.29 09:44:40 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.10.29 09:44:40 | 011,426,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.10.29 09:44:40 | 011,374,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.10.29 09:44:40 | 009,524,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.10.29 09:44:40 | 009,480,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.10.29 09:44:40 | 003,131,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.10.29 09:44:40 | 003,124,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.10.29 09:44:40 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.10.29 09:44:40 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.10.29 09:44:40 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013.10.29 09:44:40 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013.10.29 09:44:40 | 000,696,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.10.29 09:44:40 | 000,655,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.10.29 09:44:40 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.10.29 09:44:40 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.10.29 09:41:12 | 001,063,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2013.10.29 09:41:12 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2013.10.29 09:38:23 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2013.10.29 09:38:22 | 000,028,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2013.10.29 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{9CC932EC-6B4C-4688-B47F-266EB1EAB1A5}
[2013.10.28 08:38:38 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{8FC33A20-79B6-487A-A5B4-CFE5A4ACE312}
[2013.10.27 20:38:12 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{6D87A2DB-D742-412B-AEF6-3FC35F78A1DE}
[2013.10.27 08:37:59 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{59601BDD-0A83-4BF3-9DDF-962F7CF1F050}
[2013.10.26 20:04:50 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{263617D9-CC1D-47B9-B22E-7797AE04F7DA}
[2013.10.26 08:04:22 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1D4026E1-5A35-4FEC-9B00-13346A85C7A6}
[2013.10.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\takezo\Documents\Assassin's Creed III
[2013.10.25 19:49:40 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D1DC136C-78CF-4DA5-9F95-ACA1A0CA13C5}
[2013.10.25 19:32:39 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.10.25 07:49:05 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D70EFCC9-778E-45C2-ABEA-54DFCA8E7B61}
[2013.10.24 19:48:37 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{37D049A6-B05F-44A5-BB8C-07F477F7AFE0}
[2013.10.24 07:54:01 | 000,000,000 | ---D | C] -- C:\Users\takezo\Desktop\Alte Firefox-Daten
[2013.10.24 07:48:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{F6507408-3C7F-40BD-944C-8E5A324C5519}
[2013.10.23 19:22:09 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{FF6AC9F1-6173-47A6-910A-6664DFEB3C98}
[2013.10.23 07:21:39 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{7C7F560A-A464-4FD3-AB9E-B5934C5A567D}
[2013.10.23 03:02:36 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.10.22 19:21:09 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{9201E149-CEC6-4186-95D8-0733E1990002}
[2013.10.22 12:13:23 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433158.dll
[2013.10.22 12:13:23 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433158.dll
[2013.10.22 09:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.10.22 07:20:37 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{7930521C-4E8B-4168-B104-31026A257C9D}
[2013.10.21 18:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.10.21 18:13:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.10.21 18:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.10.21 09:45:38 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4078EAD6-B357-4C6F-9E02-71193A28DCC1}
[2013.10.20 21:45:11 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{AD5B90A0-406C-44C5-8C57-AA49B8AA721C}
[2013.10.20 09:44:57 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A95B567E-CF0A-48EF-B1E3-7BCF60ED8814}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.11.18 11:55:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.11.18 11:39:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.18 11:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.18 10:24:22 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.18 10:24:22 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.18 10:16:37 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.18 10:16:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.18 10:16:17 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.16 09:09:57 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.11.15 05:18:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\takezo\Desktop\OTL.exe
[2013.11.14 22:41:00 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.11.14 11:30:55 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.11.14 11:30:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.11.12 17:26:17 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.11.12 17:26:17 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.11.12 16:35:20 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.11.12 13:20:51 | 002,510,942 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.11.12 13:20:51 | 002,471,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.12 13:20:51 | 001,846,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.11.12 13:20:51 | 001,817,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.12 13:20:51 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.11 23:00:26 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.11.07 09:23:20 | 000,623,200 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.11.07 09:23:20 | 000,458,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2013.11.02 07:01:51 | 000,001,175 | ---- | M] () -- C:\Users\takezo\Desktop\November - Verknüpfung.lnk
[2013.10.25 19:32:21 | 000,001,165 | ---- | M] () -- C:\Users\takezo\Desktop\Uplay.lnk
[2013.10.24 16:06:36 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\SDL Trados Studio 2011.lnk
[2013.10.23 10:30:23 | 030,344,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.10.23 10:30:23 | 025,257,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.10.23 10:30:23 | 022,933,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.10.23 10:30:23 | 018,286,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.10.23 10:30:23 | 018,199,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.10.23 10:30:23 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.10.23 10:30:23 | 015,855,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.10.23 10:30:23 | 015,212,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.10.23 10:30:23 | 011,426,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.10.23 10:30:23 | 011,374,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.10.23 10:30:23 | 009,524,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.10.23 10:30:23 | 009,480,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.10.23 10:30:23 | 003,131,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.10.23 10:30:23 | 003,124,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.10.23 10:30:23 | 003,067,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.10.23 10:30:23 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.10.23 10:30:23 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.10.23 10:30:23 | 002,695,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.10.23 10:30:23 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013.10.23 10:30:23 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013.10.23 10:30:23 | 000,696,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.10.23 10:30:23 | 000,655,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.10.23 10:30:23 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.10.23 10:30:23 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.10.23 10:30:23 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.10.23 08:20:08 | 006,669,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.10.23 08:20:07 | 003,489,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.10.23 08:20:05 | 002,559,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.10.23 08:20:05 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.10.23 08:20:05 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.10.23 03:02:36 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.11.12 17:26:17 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.11.12 12:34:36 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.11.11 23:00:26 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.11.11 23:00:26 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.11.02 07:01:51 | 000,001,175 | ---- | C] () -- C:\Users\takezo\Desktop\November - Verknüpfung.lnk
[2013.10.28 06:00:40 | 006,647,699 | ---- | C] () -- C:\Users\takezo\Desktop\MenAMI_Powercon_03.pdf
[2013.10.25 19:32:21 | 000,001,165 | ---- | C] () -- C:\Users\takezo\Desktop\Uplay.lnk
[2013.10.21 18:13:59 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.08.14 14:47:04 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.08.01 07:00:17 | 000,000,128 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.ldb
[2013.07.23 08:16:26 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013.01.25 11:44:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.11.28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.14 10:19:49 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.19 12:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.04.12 05:21:32 | 000,017,408 | ---- | C] () -- C:\Users\takezo\AppData\Local\WebpageIcons.db
[2011.09.29 07:47:23 | 011,165,696 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.mdb
[2011.07.26 09:18:01 | 000,003,373 | ---- | C] () -- C:\Users\takezo\unigine_20110726_1017.html
[2011.01.13 11:32:58 | 000,000,058 | ---- | C] () -- C:\Users\takezo\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.09.15 15:20:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.07 08:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.08.30 11:08:54 | 000,000,094 | ---- | C] () -- C:\Users\takezo\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2010.06.21 02:01:44 | 000,002,903 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\Songbird2\Profiles\bvlf5ubh.Aida\extensions\{183f766a-4b9b-854d-88db-62677b3d779e}\chrome\skin\mini-player\l.png
[2009.07.14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Und hier ein aktuelles Log von Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
takezo :: TAKEZO-PC [Administrator]

18.11.2013 12:27:47
mbam-log-2013-11-18 (12-27-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 641170
Laufzeit: 2 Stunde(n), 16 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Wie schon erwähnt, scheint mir der Text unter Hosts im OTL Log etwas suspekt wegen all der URLs.

cosinus · 18.11.2013, 16:06

Acrobat Professional und Windows 7 Pro, ist das ein gewerblich genutztes System?
Dein Kaspersky, ist das schonmal fündig geworden?

Takezo64 · 18.11.2013, 22:11

Ich weiß ja nicht, wie man hier gewerblich usw. unterscheidet oder was das für'n Unterschied macht, aber die beiden Programme werden bei mir neben anderen für alle Zwecke eingesetzt.

Kaspersky hab ich vor ein paar Tagen vollständig durchlaufen lassen, aber ohne Ergebnis.

cosinus · 19.11.2013, 00:31

Zitat:

Ich weiß ja nicht, wie man hier gewerblich usw. unterscheidet oder was das für'n Unterschied macht, aber die beiden Programme werden bei mir neben anderen für alle Zwecke eingesetzt.

Na, es geht darum => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.

Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Takezo64 · 19.11.2013, 11:45

Aha!

Nun, wie jeder andere möchte ich natürlich keine vertraulichen Daten irgendwo rumliegen haben. Natürlich geht das in einem solchen Forum nicht, wenn man effektive Hilfe erwartet. Gibt es eine Anleitung dazu, welche Daten man z. B. aus den Logs löschen kann, ohne dass das die Effektivität der Unterstützung beeinträchtigt?

Und noch zu meinem Problem, immer noch fehlgeschlagene Loginversuche, aber seit Passwortänderung keine unbefugten Mails mehr. Irgendwas Verdächtiges in den letzten beiden Logs? Oder werden weitere Scans benötigt, z. B. ESET, Adwcleaner usw.?

Mirko · 19.11.2013, 13:01

Zitat:

Zitat von Takezo64

...immer noch fehlgeschlagene Loginversuche...

Damit musst Du ein Stück weit Leben (hatte ich auch).
Bei GMX kannst Du Dich sowohl mit der GMX-Kundennummer als auch mit Deiner Haupt-E-Mail-Adresse einloggen. Wenn letztere bekannt ist, kann ein Angreifer damit versuchen reinzukommen, indem er versucht Dein Passwort zu erraten. Jeder Rateversuch wird zu den "fehlgeschlagenen Login-Versuchen" hinzugezählt.
Mögliche Abhilfe: Vermutlich hast Du mehrere E-Mail-Adressen unter GMX? Dann wähle eine weniger benutzte (oder kreiere eine neue) und ändere deren Status von der Neben- zur Haupt-E-Mail Adresse. Das ist dann die (und nur die), welche künftig zum einloggen genommen werden kann. Der mögliche Angriff scheitert so schon beim ersten Schritt, der Eingabe der richtigen E-Mail-Adresse.

cosinus · 19.11.2013, 13:53

Zitat:

Zitat von Takezo64

Aha!

Nun, wie jeder andere möchte ich natürlich keine vertraulichen Daten irgendwo rumliegen haben. Natürlich geht das in einem solchen Forum nicht, wenn man effektive Hilfe erwartet. Gibt es eine Anleitung dazu, welche Daten man z. B. aus den Logs löschen kann, ohne dass das die Effektivität der Unterstützung beeinträchtigt?

Siehe Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten? unter 3. Informationen vorbereiten

Takezo64 · 20.11.2013, 10:39

Hi!

Das mit der E-Mail-Adresse ändern ist so ne Sache, wenn Freunde und vor allem Kunden und was weiß ich viele Einträge für andere Konten dann "umgewöhnt" werden müssen. Also ist das nur die allerletzte Option.

Heute morgen lag die Zahl der fehlgeschlagenenen Loginversuche bei 673. Gehe ich Recht in der Anname, dass das von einem automatischen Spammer-Programm verursacht wird?

Dann ist mir ebenfalls aufgefallen, dass einige meiner normalerweise nach dem Start geöffneten Firefox Tabs der letzten Sitzung (gestern) geschlossen waren. Und ich war es nicht. Gibt es da Malware, die mit Firefox Schindluder treibt?

Und zum Schluss: Haben die geposteten Logs Anlass zur weiteren Analyse gegeben, bzw. soll ich mit anderen Programmen wie ESET usw. nochmals scannen?

Mirko · 20.11.2013, 14:03

Zitat:

Zitat von Takezo64

... E-Mail-Adresse ändern ist so ne Sache ...

Hat so auch keiner vorgeschlagen. Meine Hinweis zur möglichen Abhilfe bezog sich auf den GMX-internen Status der E-Mail-Adresse: Wenn man sich bei GMX über einen Webbrowser einloggen möchte, geht das - neben der Kundennummer - auch über die Eingabe einer E-Mail-Adresse (plus Passwort, versteht sich). GMX akzeptiert aber nur eine einzige Deiner E-Mail-Adressen für diese Art des einloggens, nämlich die, die Du gegenüber GMX als Haupt-E-Mail-Adresse deklariert hast.
Wenn Du das nun umstellst und eine andere Deiner E-Mail-Adressen zur Haupt-E-Mail-Adresse bestimmst, werden künftige Einloggversuche mit der ehemaligen Haupt-E-Mail-Adresse schon an dieser Stelle wirkungslos sein.
E-Mail-Nachrichten, die an die ehemalige Haupt-E-Mail-Adresse adressiert sind kommen trotzdem weiterhin an, weil nicht die E-Mail-Adresse geändert oder gelöscht wurde sondern nur deren GMX-internen Status.
Welche Deiner E-Mail-Adressen die Haupt-E-Mail-Adresse sein soll, kannst Du auf GMX einstellen. Dabei lässt sich eine andere, bereits bestehende E-Mail-Adresse zur Haupt-E-Mail-Adresse machen oder auch eine neue, die noch keiner kennen kann (und die Du dann am besten nicht weitergibst sondern nur zum Einloggen nimmst).

18.11.2013, 16:06	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	GMX KOnto - Mails im Gesendet Ordner an unbekannte Empfänger/Mail Deamon failure Nachrichten Acrobat Professional und Windows 7 Pro, ist das ein gewerblich genutztes System? Dein Kaspersky, ist das schonmal fündig geworden? __________________ Logfiles bitte immer in CODE-Tags posten

GMX KOnto - Mails im Gesendet Ordner an unbekannte Empfänger/Mail Deamon failure Nachrichten

Überwachung, Datenschutz und Spam: GMX KOnto - Mails im Gesendet Ordner an unbekannte Empfänger/Mail Deamon failure Nachrichten