ILIVIT was Nun?
Hallo,
als ziemlicher Neuling in der ganzen Angelegenheit begrüße ich die Community.
Gestern habe ich festgestellt, als ich zufällig mal im Windows Explorer nachschaute, dass ILIVIT dort installiert ist. Jetzt weiß ich zumindest warum mein Rechner die letzte Zeit so langsam geworden ist.
Löschen kann ich ILIVIT nicht, Hijackthis hat es aber auch entdeckt.
Malwarebytes-Antimalware aber nicht. Ein vollständiger Scan hat nichts gezeigt. Ich habe mal OTL checken lassen. Ebenso mit Defogger
Die Logdateien sind angefügt.
Kann mir jemand helfen?
Ich will diesen Plagegeist loswerden.
Gruß
osch47 (Otto)OTL Logfile: Code:
OTL logfile created on: 09.01.2013 09:19:54 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,41% Memory free
6,00 Gb Paging File | 3,85 Gb Available in Paging File | 64,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 264,73 Gb Total Space | 142,43 Gb Free Space | 53,80% Space Free | Partition Type: NTFS
Drive D: | 33,36 Gb Total Space | 8,29 Gb Free Space | 24,85% Space Free | Partition Type: NTFS
Drive E: | 251,31 Gb Total Space | 84,91 Gb Free Space | 33,79% Space Free | Partition Type: NTFS
Drive F: | 104,34 Gb Total Space | 29,71 Gb Free Space | 28,47% Space Free | Partition Type: NTFS
Drive G: | 110,10 Gb Total Space | 18,68 Gb Free Space | 16,97% Space Free | Partition Type: NTFS
Drive N: | 298,08 Gb Total Space | 61,18 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
Computer Name: OTTO-PC | User Name: Otto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.09 08:52:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2012.12.23 22:37:17 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.27 10:20:08 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.05.16 14:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.04.22 12:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.04.22 12:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2012.01.23 05:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.09.22 21:21:12 | 000,395,344 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011.09.22 21:20:44 | 005,587,832 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.09.22 15:00:52 | 002,571,032 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2011.08.24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.13 03:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.21 10:50:02 | 000,084,464 | ---- | M] () -- C:\Programme\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009.06.23 00:18:52 | 000,494,064 | ---- | M] () -- C:\Programme\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
========== Modules (No Company Name) ==========
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012.05.16 14:45:56 | 000,276,392 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.05.16 14:45:40 | 002,652,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.05.16 14:45:40 | 000,363,944 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.05.16 14:45:38 | 011,166,120 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.05.16 14:45:36 | 001,346,472 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.05.16 14:45:36 | 000,205,736 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.05.16 14:45:34 | 001,013,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.05.16 14:45:34 | 000,720,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.05.16 14:45:32 | 008,506,280 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.05.16 14:45:32 | 000,520,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.05.16 14:45:30 | 002,480,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.05.16 14:45:30 | 002,353,576 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.05.16 14:45:28 | 000,445,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.05.16 14:45:22 | 000,206,760 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.05.16 14:45:22 | 000,035,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.05.16 14:45:20 | 000,032,680 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.05.16 14:44:54 | 000,437,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll
MOD - [2012.05.16 14:44:16 | 000,604,072 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.05.16 12:46:28 | 000,391,056 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.05.16 12:46:28 | 000,059,280 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.05.16 12:45:30 | 000,110,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012.01.18 07:43:56 | 000,183,320 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011.11.11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.09.22 21:20:28 | 011,233,136 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.03.01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.03.01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.03.01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.03.01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.03.01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.01.13 02:57:34 | 000,751,616 | ---- | M] () -- C:\Programme\Logitech\Vid HD\vpxmd.dll
MOD - [2011.01.13 02:55:28 | 000,027,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\SDL.dll
MOD - [2009.07.21 10:50:02 | 000,084,464 | ---- | M] () -- C:\Programme\Roxio 2010\5.0\CPMonitor.exe
MOD - [2009.06.23 00:18:52 | 000,494,064 | ---- | M] () -- C:\Programme\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.04.22 22:53:56 | 000,969,040 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009.04.10 00:04:56 | 002,141,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtCore4.dll
MOD - [2009.03.03 23:18:08 | 000,138,064 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009.03.03 23:18:06 | 000,035,152 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009.03.03 23:18:06 | 000,029,008 | ---- | M] () -- C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009.03.03 23:17:46 | 011,311,952 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009.03.03 23:17:46 | 000,363,856 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtXml4.dll
MOD - [2009.03.03 23:17:44 | 000,200,016 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtSql4.dll
MOD - [2009.03.03 23:17:40 | 000,475,472 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009.03.03 23:17:38 | 007,704,400 | ---- | M] () -- C:\Programme\Logitech\Vid HD\QtGui4.dll
MOD - [2009.03.03 23:17:32 | 000,291,664 | ---- | M] () -- C:\Programme\Logitech\Vid HD\phonon4.dll
========== Services (SafeList) ==========
SRV - [2012.12.23 22:37:17 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.12 09:47:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.28 17:31:12 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.04.22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.10.25 16:10:15 | 003,246,040 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.09.22 21:21:10 | 000,805,032 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.24 07:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009.07.24 07:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.05.08 00:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2012.12.23 22:46:30 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.12.23 22:46:29 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.12.23 22:46:29 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.12.23 22:46:29 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012.04.22 12:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.03.01 02:32:32 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012.03.01 02:32:32 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2012.01.18 05:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012.01.18 05:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2012.01.18 05:44:14 | 000,022,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.10.25 16:10:17 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.10.25 16:10:12 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
DRV - [2011.10.25 16:10:08 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.10.25 16:10:00 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.07.20 01:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011.07.19 22:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.16 10:26:38 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.09.25 09:34:24 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009.07.13 23:54:14 | 001,394,688 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.06.05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2008.03.17 17:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 F2 6E C9 C3 93 CC 01 [binary data]
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..Smartbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr&type=moz35awe&p="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: online_banking@kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: passworddepot@acebit.com:6.2.1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.23 22:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.23 22:46:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.23 22:46:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.23 22:46:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.23 22:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files\AceBIT\Password Depot 6\Firefox\ [2012.12.29 12:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.02 11:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.02 11:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.28 12:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.11.25 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\Extensions
[2011.11.22 08:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.28 19:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\Firefox\Profiles\28129ckv.default\extensions
[2012.11.26 15:29:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Otto\AppData\Roaming\mozilla\Firefox\Profiles\28129ckv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.11.23 19:21:22 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.27 14:55:32 | 000,001,052 | ---- | M] () -- C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\searchplugins\ashampoo-de-customized-web-search.xml
[2012.11.15 21:02:20 | 000,002,411 | ---- | M] () -- C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\searchplugins\askcom.xml
[2012.10.19 09:30:44 | 000,002,306 | ---- | M] () -- C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\searchplugins\askcomsearch.xml
[2012.11.25 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.26 11:26:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.31 17:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.25 15:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.10.26 12:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.10.26 12:28:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.12.29 12:55:42 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES\ACEBIT\PASSWORD DEPOT 6\FIREFOX
[2012.12.23 22:46:52 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012.06.26 11:26:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.31 17:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.25 15:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.07.16 17:18:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.16 17:18:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.16 17:18:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.16 17:18:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.16 17:18:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.25 21:35:43 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.07.16 17:18:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.16 17:18:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.searchqu.com/406
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe (Sonic Solutions)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe (MAGIX AG)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000..\Run: [SkyDrive] C:\Users\Otto\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Otto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D87D625-1A5E-4448-B51D-52CFAD109ACC}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4F6A13A-9784-4DDA-AAAA-583CE94E9CAA}: NameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.08 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Otto\Desktop\Neuer Ordner
[2013.01.08 16:25:40 | 000,000,000 | ---D | C] -- C:\Users\Otto\AppData\Roaming\Malwarebytes
[2013.01.08 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.08 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.08 16:24:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.08 16:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.08 16:24:38 | 000,000,000 | ---D | C] -- C:\Users\Otto\AppData\Local\Programs
[2013.01.04 10:24:57 | 000,000,000 | ---D | C] -- C:\Users\Otto\Documents\Roxio
[2012.12.29 12:55:42 | 000,729,424 | ---- | C] (WeOnlyDo Software) -- C:\Windows\System32\wodSFTP.dll
[2012.12.29 12:55:42 | 000,672,024 | ---- | C] (WeOnlyDo! COM) -- C:\Windows\System32\wodKeys.dll
[2012.12.23 22:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2012.12.23 22:23:17 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.12.21 15:56:31 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.21 15:56:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.12 21:58:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 21:58:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 21:58:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 21:58:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 21:58:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 21:58:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 21:58:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 21:58:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 09:07:54 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 09:07:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 09:07:48 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 09:07:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 09:07:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 09:07:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 09:07:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 09:07:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 09:07:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 09:07:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 09:07:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 09:07:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 09:07:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 09:07:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 09:07:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 09:07:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 09:07:46 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 09:07:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 09:07:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 09:07:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 09:07:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 09:07:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 09:07:25 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 09:07:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
========== Files - Modified Within 30 Days ==========
[2013.01.09 08:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 08:41:50 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 08:41:50 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 08:33:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.09 08:33:22 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.08 16:24:56 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.04 10:31:38 | 000,008,432 | ---- | M] () -- C:\Users\Otto\AppData\Local\rx_audio.Cache
[2013.01.04 08:48:44 | 000,000,000 | ---- | M] () -- C:\Users\Otto\AppData\Local\rx_image32.Cache
[2013.01.01 11:46:11 | 002,534,274 | ---- | M] () -- C:\Users\Otto\Desktop\squeezebox-touch-fg.pdf
[2012.12.30 18:41:21 | 000,771,414 | ---- | M] () -- C:\Users\Otto\Desktop\featureguide.pdf (logitech squeezebox radio).pdf
[2012.12.29 12:55:43 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Password Depot 6.lnk
[2012.12.25 17:00:07 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.12.25 14:45:18 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.25 14:45:18 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.25 14:45:18 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.25 14:45:18 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.24 10:01:05 | 000,002,290 | ---- | M] () -- C:\Users\Otto\Desktop\Sicherer Zahlungsverkehr.lnk
[2012.12.23 22:46:30 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kltdi.sys
[2012.12.23 22:46:29 | 000,589,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.12.23 22:46:29 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys
[2012.12.23 22:46:29 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys
[2012.12.23 22:24:22 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2012.12.21 17:43:20 | 000,494,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 13:26:49 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[2012.12.12 09:47:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.12 09:47:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013.01.08 16:24:56 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.04 08:49:34 | 000,008,432 | ---- | C] () -- C:\Users\Otto\AppData\Local\rx_audio.Cache
[2013.01.04 08:48:44 | 000,000,000 | ---- | C] () -- C:\Users\Otto\AppData\Local\rx_image32.Cache
[2013.01.01 11:46:07 | 002,534,274 | ---- | C] () -- C:\Users\Otto\Desktop\squeezebox-touch-fg.pdf
[2012.12.30 18:41:19 | 000,771,414 | ---- | C] () -- C:\Users\Otto\Desktop\featureguide.pdf (logitech squeezebox radio).pdf
[2012.12.25 16:56:49 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.12.23 22:31:11 | 000,002,290 | ---- | C] () -- C:\Users\Otto\Desktop\Sicherer Zahlungsverkehr.lnk
[2012.12.23 22:26:00 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2012.12.13 13:26:49 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Steuer-Spar- Erklärung 2013.lnk
[2012.04.29 18:26:55 | 000,000,883 | ---- | C] () -- C:\Users\Otto\.recently-used.xbel
[2012.02.13 11:13:44 | 000,000,068 | ---- | C] () -- C:\Windows\spwdrg.INI
[2012.02.13 11:13:34 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.02.13 11:13:13 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.02.13 11:13:13 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2012.02.13 11:13:13 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.02.13 11:13:13 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.02.13 11:13:09 | 000,178,176 | ---- | C] () -- C:\Windows\System32\StellarProfile.dll
[2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 05:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2012.01.09 20:19:10 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.04 11:35:26 | 000,017,408 | ---- | C] () -- C:\Users\Otto\AppData\Local\WebpageIcons.db
[2011.12.15 18:42:48 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.10.27 17:30:18 | 000,003,584 | ---- | C] () -- C:\Users\Otto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.25 18:47:26 | 000,262,678 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011.10.25 18:47:25 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
========== ZeroAccess Check ==========
[2012.06.06 20:29:50 | 000,000,116 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3143349830-2153452287-2984029701-1000\$RE8NKYW.com\assets\oobe\l.png
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
--- --- ---
Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:42 on 09/01/2013 (Otto)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Hallo ich möchte noch die mbr logfile logfiles hinzufügen:
1. MBR.exe
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-09 09:49:50
-----------------------------
09:49:50.740 OS Version: Windows 6.1.7601 Service Pack 1
09:49:50.740 Number of processors: 4 586 0xF0B
09:49:50.745 ComputerName: OTTO-PC UserName: Otto
09:49:52.366 Initialize success
09:50:07.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:50:07.908 Disk 0 Vendor: Hitachi_HDT725032VLA380 V54OA7BA Size: 305245MB BusType: 3
09:50:07.912 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
09:50:07.915 Disk 1 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476940MB BusType: 3
09:50:07.937 Disk 0 MBR read successfully
09:50:07.942 Disk 0 MBR scan
09:50:07.946 Disk 0 Windows 7 default MBR code
09:50:07.950 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 271081 MB offset 63
09:50:07.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 34161 MB offset 555174270
09:50:07.990 Disk 0 scanning sectors +625137345
09:50:08.048 Disk 0 scanning C:\Windows\system32\drivers
09:50:14.414 Service scanning
09:50:22.061 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
09:50:22.492 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
09:50:22.894 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
09:50:22.922 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
09:50:22.964 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
09:50:22.994 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
09:50:34.318 Modules scanning
09:50:46.188 Disk 0 trace - called modules:
09:50:46.206 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:50:46.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c209f0]
09:50:46.218 3 CLASSPNP.SYS[8c7a959e] -> nt!IofCallDriver -> [0x85d87868]
09:50:46.224 5 ACPI.sys[8b8bd3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85de4908]
09:50:46.230 Scan finished successfully
09:51:08.845 Disk 0 MBR has been saved successfully to "C:\Users\Otto\Desktop\MBR.dat"
09:51:08.852 The log file has been saved successfully to "C:\Users\Otto\Desktop\aswMBR.txt"
2. TDSSKiller kann keinen Schädling entdecken, deshalb habe ich auch keine logfile bekommen.
Dennoch ist im windows explorer das Programm ilivid vorhanden!! |
Textbox.