Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Google Redirect Virus (?) (https://www.trojaner-board.de/133385-google-redirect-virus.html)

HabKeinNick 08.04.2013 08:54
Google Redirect Virus (?)
 
Hallo,

ich hab ein (großes ?) Problem mit meinem Laptop. Bei der Googlesuche auf meinem Laptop sind die Suchergebnisse 2-7 die angezeigt werden irgendein Spam- oder Phishingmüll. Auch läuft er sehr langsam. Die im Taskmanger angezeigten laufenden Prozesse ergeben i.d.R. aufaddiert höchstens 10 - 20%, trotzdem ist die CPU-Auslastung (fast) immer bei 100%. Aufgrund der 100% Auslastung läuft alles sehr langsam (auch die Scans mit Virenprogrammen) und der Laptop überhitzt sehr schnell.

Ich habe ihn mit Malwarebytes Anti-Malware, HitmannPro, NOD32 und Spybot gescannt, jedoch ohne etwas zu finden.

Auch habt ich TDSSKaspersky und Malwarebytes Rootkit und AVAST Rootkit laufen lassen ohne irgendetwas auffälliges zu finden.

Ich bin total ratlos :confused:

Jetzt habe ich - nachdem ich den defrogger laufengelassen hatte - mit OLT und Gmer den Laptop gescannt.

Hier die Logfiles:

OLT.txt:

Code:
OTL logfile created on: 07.04.2013 22:25:29 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free
4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
 
Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\LEsrv.exe
PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe
PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.02.02 05:12:10 | 000,387,584 | ---- | M] (ZTE) -- C:\Programme\congstar\Internetmanager\Bin\BMController.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe
PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe
PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2010.01.29 10:47:30 | 000,129,024 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIOptimizationClient.dll
MOD - [2010.01.29 10:45:10 | 000,160,768 | ---- | M] () -- C:\Programme\congstar\Internetmanager\Bin\BIXml.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service)
SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "googel.com"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
 
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.06 23:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions
[2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.05 22:03:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de
[2012.02.10 11:47:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com
[2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com
[2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml
[2010.03.18 07:59:07 | 000,002,055 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\daemon-search.xml
[2013.03.29 10:29:29 | 000,000,947 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\icqplugin.xml
[2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON
[2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes
[2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps
[2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate
[2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.30 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP
[2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme
[2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro
[2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.11 00:55:37 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2013.03.11 00:55:37 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2013.03.11 00:55:37 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2013.03.11 00:55:37 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys
[2013.03.11 00:54:42 | 000,010,240 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2013.03.11 00:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager
[2013.03.11 00:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\congstar
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 21:40:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 19:20:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.07 18:32:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.07 18:29:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job
[2013.04.07 16:32:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 11:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 11:40:50 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.07 06:53:06 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.07 02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.05 22:29:17 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job
[2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.04.02 01:30:57 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk
[2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk
[2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db
[2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat
[2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player
[2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus
[2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon
[2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite
[2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations
[2013.04.07 20:37:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox
[2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt
[2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze
[2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data
[2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager
[2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF
[2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org
[2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql
[2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template
[2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird
[2013.03.30 01:10:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\TuneUp Software
[2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles
[2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Extras.txt

Code:
OTL Extras logfile created on: 07.04.2013 22:25:29 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,21 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 70,74% Memory free
4,64 Gb Paging File | 3,63 Gb Available in Paging File | 78,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 37,21 Gb Free Space | 39,51% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
 
Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED7B3B3-2A66-4022-98E9-52F25FF1312D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20E8E555-3CC1-499B-8479-C3633E8DE06B}" = lport=139 | protocol=6 | dir=in | app=system |
"{29D78A9C-999C-48D1-8095-044D075673ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{35C8DDC6-9035-4AE8-AEA3-5802FF2A9C51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{420AC033-84FE-43BD-B2A2-86ECB0E1D4BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{480C4C2D-3426-4C6E-BD59-ABF2443D6B32}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C734478-0A6A-4127-A467-9D87307D19D2}" = lport=137 | protocol=17 | dir=in | app=system |
"{5A0FEA17-F3D9-470D-907F-DA70F62DDF2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{5C75FB79-DBBD-4C31-9A85-F9D9EC03FBCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{630B66A9-01AC-489D-A50A-87520C0A639F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6972A016-2576-4ED0-8DCB-C56FA62CBCFC}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A86F26F-27E5-4D76-95EA-175081E835F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73D88D1C-4554-4673-BD77-DB61B96E75E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{8BC05E65-DEF9-4B0C-BD5C-C5430EDD86A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F517D81-1612-4867-9B5E-145AE89D6DC6}" = rport=137 | protocol=17 | dir=out | app=system |
"{9191AD58-B3CE-45B9-883A-A3F004080892}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AADF4699-2FC4-4A11-80B5-AC89CEE1A706}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B3B30B24-F261-4E52-829C-68628B1C926D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BC3955F8-C87D-4F0A-89D7-D02DF872FC55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF862F13-EA41-4941-9D04-46F907A966CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6F3CAAA-110B-4CB5-8105-3EED4EC5FF43}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CAB91FFA-7A46-4235-981A-28FCBAAD905A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9CA04E4-5D58-4F1E-B572-28B653863B39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DEE05FC4-572F-4FEC-9F88-62C6C96423FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0F8D9F3-D394-4838-A46E-8726CCB6EE66}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E26E5270-CAB9-42E9-A728-E47D325E7F7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4D17AE6-7AB5-4F69-A6C0-000C24FB970A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E7200A35-FBC9-4981-8470-BB887E2D6FDE}" = lport=445 | protocol=6 | dir=in | app=system |
"{E99684CB-A454-42A4-AA7A-50E204036B0F}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BDAAF9F-C611-4C73-B8C0-21F4A22E152E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20B0D27D-9897-4AE8-BEC1-FD1ACBE2B1DB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{22B6BE24-41CA-4009-9FF6-FB99AB9827BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D7049C8-FB5E-4A4B-84A2-A1888F1810DE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{36EBF7E6-CE6D-47E8-B0D5-ECF11C7AADEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A5FAE5F-8669-4BE7-BC64-BDE942362554}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3ECE6220-D55B-40F8-9D75-6140D75B87B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4B32C543-202A-4445-ACC3-4C7FEAA8A203}" = protocol=6 | dir=out | app=system |
"{53D6AE15-A6AB-4435-8066-0DAD789627F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F828357-0F13-4949-AF88-C943CDFEEA94}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6118791C-09C9-49C6-A527-C01DE9407785}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6209E170-6725-43F5-A30A-8DB79A8E4EF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62A1B790-1714-4F0D-A117-9C91F2BB9A84}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AD8A145-7A1C-44EE-9132-78874EFF51EF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6B8B6061-4453-419D-940A-308AFA2D7B2B}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{6D9282D0-A5ED-40D2-90D4-9A707F37B085}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{79126619-8742-41E8-B747-549B6EC73815}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B5AC03B-7FE2-42BD-A08C-D6C38297A025}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B7E9BBC7-68D3-4482-9701-82FA0EC7A9B3}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{B7F0D988-D46D-4F06-A1C9-783B34E1AF33}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B81B091C-55A2-4BBF-86AF-19BDC2D310F0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B8488039-FE9F-4B9F-8F9E-6E0A0023BF4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8CE2D87-6F4B-4524-98F9-533359B81630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE6AE5CC-2378-441A-8EB9-99355326297F}" = protocol=6 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe |
"{BFB7074B-8339-4F6E-A8FF-5CC4E7FC0B78}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C109D9B0-99B3-4571-8825-8F20B643FA4E}" = protocol=17 | dir=in | app=c:\users\hmhm\appdata\roaming\dropbox\bin\dropbox.exe |
"{C7445D6A-00D1-4742-9C54-070C984C20C9}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{E033714D-24B5-4208-A908-5C64DD8C5D6C}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{F23FABE2-59B0-449E-A7F4-A242DCE60355}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E410EB-8542-5527-9FC9-4C44DF3B7E79}" = AMD Catalyst Install Manager
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{03CD802D-47F0-BB70-5441-F2869FC4EEBD}" = Catalyst Control Center InstallProxy
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28A2EF20-B486-685D-6642-829180ED7683}" = ccc-utility
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F1F9EC3-2A14-11B1-9111-526F36E7739B}" = AMD Fuel
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.05.26
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{BE09DD64-706D-4975-8034-E561C270D1E5}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V2.5.7
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Motorola Bluetooth
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Genius_is1" = Driver Genius
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.04.2013 19:23:15 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.04.2013 19:23:16 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.04.2013 19:23:26 | Computer Name = HmHm-PC | Source = VSS | ID = 12289
Description =
 
Error - 06.04.2013 19:23:40 | Computer Name = HmHm-PC | Source = System Restore | ID = 8193
Description =
 
Error - 06.04.2013 19:28:46 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 06.04.2013 19:31:16 | Computer Name = HmHm-PC | Source = ATIeRecord | ID = 16399
Description = ATI EEU PX dGPU Power On failed
 
Error - 07.04.2013 05:42:22 | Computer Name = HmHm-PC | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (7416.1128)
 
Error - 14.02.2013 22:06:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (7416.1129)
 
Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (4016.1128)
 
Error - 14.02.2013 23:07:01 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (4016.1129)
 
Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (6792.1128)
 
Error - 15.02.2013 00:07:29 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (6792.1129)
 
Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (7172.1128)
 
Error - 15.02.2013 01:07:57 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (7172.1129)
 
Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description = Fehler beim Herstellen der Internetverbindung. (4308.1128)
 
Error - 05.04.2013 10:42:08 | Computer Name = HmHm-PC | Source = MCUpdate | ID = 0
Description =    Serververbindung konnte nicht hergestellt werden.. (4308.1129)
 
[ System Events ]
Error - 06.04.2013 19:06:45 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 06.04.2013 19:23:41 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 06.04.2013 19:23:49 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 06.04.2013 19:23:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 06.04.2013 19:23:55 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 06.04.2013 19:28:19 | Computer Name = HmHm-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
 
Error - 06.04.2013 19:28:52 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.04.2013 19:39:44 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 07.04.2013 06:22:13 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 07.04.2013 16:11:11 | Computer Name = HmHm-PC | Source = Service Control Manager | ID = 7031
Description =
 
 
< End of report >

Gmer.txt

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-08 09:42:54
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 WDC_____ rev.11.0 298,02GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\HmHm\AppData\Local\Temp\kwtdipoc.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAdjustPrivilegesToken [0x93751208]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAlpcConnectPort [0x93704FB8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAlpcCreatePort [0x93705300]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwAlpcSendWaitReceivePort [0x93705746]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwClose [0x936ED91E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwConnectPort [0x93704C92]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateEvent [0x936EDE96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateMutant [0x936EDD7C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreatePort [0x93705164]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateSection [0x93754072]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateSemaphore [0x936EDFB6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateSymbolicLinkObject [0x93715130]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                        ZwCreateThread [0x937DC7F0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateWaitablePort [0x93705232]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwDebugActiveProcess [0x93753054]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwDeviceIoControlFile [0x936ED962]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwDuplicateObject [0x9375134A]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                        ZwLoadDriver [0x937DC8B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwMapViewOfSection [0x93715150]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwNotifyChangeKey [0x93703422]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenEvent [0x936EDF2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenMutant [0x936EDE0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenProcess [0x93752BFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenSection [0x9375431E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenSemaphore [0x936EE04C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwOpenThread [0x93753266]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwPlugPlayControl [0x93715140]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwQueryDirectoryObject [0x936EE0D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwQueryObject [0x93703630]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwQueueApcThread [0x93753D20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwReplyPort [0x9370552A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwReplyWaitReceivePort [0x937053B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwReplyWaitReceivePortEx [0x9370546E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwRequestWaitReplyPort [0x9370559A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwResumeThread [0x93753A4C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSecureConnectPort [0x93704E20]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSetContextThread [0x93753BA8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSetInformationToken [0x936EE178]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                        ZwSetSystemInformation [0x937DC870]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSuspendProcess [0x93752D9C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwSuspendThread [0x937538F4]
SSDT            \SystemRoot\system32\DRIVERS\ehdrv.sys                                                                                                        ZwSystemDebugControl [0x937DC830]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwTerminateProcess [0x93752EFC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwTerminateThread [0x93753406]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwUnmapViewOfSection [0x93754486]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwWriteVirtualMemory [0x937541B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateThreadEx [0x9375374A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys                                                                                                          ZwCreateUserProcess [0x937531AE]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!KeSetEvent + 119                                                                                                                  844EE7DC 4 Bytes  [08, 12, 75, 93] {OR [EDX], DL; JNZ 0xffffff97}
.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                                                                  844EE800 8 Bytes  [B8, 4F, 70, 93, 00, 53, 70, ...] {MOV EAX, 0x93704f; PUSH EBX; JO 0xffffff9b}
.text          ntkrnlpa.exe!KeSetEvent + 181                                                                                                                  844EE844 4 Bytes  [46, 57, 70, 93] {INC ESI; PUSH EDI; JO 0xffffff97}
.text          ntkrnlpa.exe!KeSetEvent + 1A9                                                                                                                  844EE86C 4 Bytes  [1E, D9, 6E, 93] {PUSH DS; FLDCW [ESI-0x6d]}
.text          ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                                  844EE884 4 Bytes  [92, 4C, 70, 93] {XCHG EDX, EAX; DEC ESP; JO 0xffffff97}
.text          ...                                                                                                                                           
?              System32\drivers\ymyqypg.sys                                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                      section is writeable [0x90810000, 0x2BFBF0, 0xE8000020]
?              system32\DRIVERS\eamonm.sys                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
?              system32\DRIVERS\ehdrv.sys                                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
?              C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys                                                                                                    Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                        tcpipBM.sys

Device          \Driver\ahcix86s \Device\Dev_ffffffff88692538                                                                                                  87AB460A

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                        kltdi.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                                      kltdi.sys
---- Processes - GMER 2.1 ----

Library        C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [280]                                      0x614F0000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]            0x01340000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]        0x61B00000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]        0x61670000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]        0x628E0000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]        0x62B50000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]        0x66BB0000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]        0x60D50000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]      0x60EA0000                                                                                       
Library        C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll (*** hidden *** ) @ C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3928]  0x64350000                                                                                       

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df05dfc0f                                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2                                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b                                                      0xCC 0xBB 0x00 0x0B ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                            0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                            0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                        0xD3 0x1B 0x61 0x2E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                0x92 0x07 0xDF 0x7F ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                               
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                          0x63 0x5D 0x1E 0xF1 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df05dfc0f (not active ControlSet)                                               
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2 (not active ControlSet)                                               
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df060ecc2@a826d9d4996b                                                          0xCC 0xBB 0x00 0x0B ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                         
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                            0xD3 0x1B 0x61 0x2E ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                    0x92 0x07 0xDF 0x7F ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                           
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                              0x63 0x5D 0x1E 0xF1 ...

---- EOF - GMER 2.1 ----
Über Hilfe würde ich mich wirklich sehr freuen.

aharonov 08.04.2013 17:52
Hi,

Zitat:
Bei der Googlesuche auf meinem Laptop sind die Suchergebnisse 2-7 die angezeigt werden irgendein Spam- oder Phishingmüll.
Tritt dieses Problem in allen Browsern auf oder nur in einem? In welchem? Bitte mal testen.

Zitat:
Auch habt ich TDSSKaspersky und Malwarebytes Rootkit und AVAST Rootkit laufen lassen ohne irgendetwas auffälliges zu finden.
Diese Logs würde ich gerne sehen.

Und wieviele Antivirenprogramme laufen da? Ich seh Einträge von Kaspersky und von ESET..

HabKeinNick 08.04.2013 22:23
Zuerst: Vielen Dank für die Antwort! :)

Zitat:
Tritt dieses Problem in allen Browsern auf oder nur in einem? In welchem? Bitte mal testen.
Es tritt nur bei Firefox auf (und auch nur bei der Googelsuche; bei anderen Suchmaschinen nicht). Bei Chrome und IE gibt es keine Probleme bei der Googelsuche.

Zitat:
Und wieviele Antivirenprogramme laufen da? Ich seh Einträge von Kaspersky und von ESET..
Eigentlich nur Kaspersky, aber um den Trojane/Virus "aufzuspüren" hatte ich mehrere Virenprogramme installiert (u.a. ESER, HitmannPro, Spybot,..). Die meisten (bis auf MalewareBytes Ant-Maleware und Kaspersky) habe ich wieder deinstalliert.

Zitat:
Diese Logs würde ich gerne sehen.
TDSSLog:

Code:
22:21:59.0418 5460  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:22:00.0676 5460  ============================================================
22:22:00.0676 5460  Current date / time: 2013/04/08 22:22:00.0676
22:22:00.0676 5460  SystemInfo:
22:22:00.0676 5460 
22:22:00.0676 5460  OS Version: 6.0.6002 ServicePack: 2.0
22:22:00.0676 5460  Product type: Workstation
22:22:00.0676 5460  ComputerName: HMHM-PC
22:22:00.0677 5460  UserName: HmHm
22:22:00.0677 5460  Windows directory: C:\Windows
22:22:00.0677 5460  System windows directory: C:\Windows
22:22:00.0677 5460  Processor architecture: Intel x86
22:22:00.0677 5460  Number of processors: 2
22:22:00.0677 5460  Page size: 0x1000
22:22:00.0677 5460  Boot type: Normal boot
22:22:00.0677 5460  ============================================================
22:22:02.0322 5460  Drive \Device\Harddisk0\DR0 - Size: 0x4A817C0000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:22:02.0325 5460  ============================================================
22:22:02.0325 5460  \Device\Harddisk0\DR0:
22:22:02.0325 5460  MBR partitions:
22:22:02.0325 5460  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1194800, BlocksNum 0xBC51800
22:22:02.0325 5460  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCDE6000, BlocksNum 0x18625600
22:22:02.0325 5460  ============================================================
22:22:02.0393 5460  C: <-> \Device\Harddisk0\DR0\Partition1
22:22:02.0493 5460  D: <-> \Device\Harddisk0\DR0\Partition2
22:22:02.0493 5460  ============================================================
22:22:02.0493 5460  Initialize success
22:22:02.0494 5460  ============================================================
22:22:09.0019 4116  ============================================================
22:22:09.0020 4116  Scan started
22:22:09.0020 4116  Mode: Manual; SigCheck; TDLFS;
22:22:09.0020 4116  ============================================================
22:22:10.0574 4116  ================ Scan system memory ========================
22:22:10.0574 4116  System memory - ok
22:22:10.0575 4116  ================ Scan services =============================
22:22:10.0923 4116  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:22:11.0770 4116  ACPI - ok
22:22:11.0946 4116  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:22:11.0964 4116  AdobeARMservice - ok
22:22:12.0107 4116  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:22:12.0128 4116  AdobeFlashPlayerUpdateSvc - ok
22:22:12.0194 4116  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
22:22:12.0237 4116  adp94xx - ok
22:22:12.0360 4116  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
22:22:12.0397 4116  adpahci - ok
22:22:12.0413 4116  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:22:12.0433 4116  adpu160m - ok
22:22:12.0459 4116  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
22:22:12.0480 4116  adpu320 - ok
22:22:12.0523 4116  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
22:22:12.0670 4116  AeLookupSvc - ok
22:22:12.0731 4116  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
22:22:12.0765 4116  AFD - ok
22:22:12.0800 4116  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:22:12.0836 4116  agp440 - ok
22:22:12.0887 4116  [ 6EEE47ADFE3BC5694DF661DCA0F78D04 ] ahcix86s        C:\Windows\system32\drivers\ahcix86s.sys
22:22:12.0905 4116  ahcix86s - ok
22:22:12.0926 4116  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
22:22:12.0945 4116  aic78xx - ok
22:22:12.0965 4116  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
22:22:13.0111 4116  ALG - ok
22:22:13.0124 4116  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:22:13.0158 4116  aliide - ok
22:22:13.0219 4116  [ F9491B157A8CD70557745FA0312C1EEE ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:22:13.0273 4116  AMD External Events Utility - ok
22:22:13.0381 4116  AMD FUEL Service - ok
22:22:13.0405 4116  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:22:13.0441 4116  amdagp - ok
22:22:13.0478 4116  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:22:13.0505 4116  amdide - ok
22:22:13.0517 4116  [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86        C:\Windows\system32\DRIVERS\amdiox86.sys
22:22:13.0534 4116  amdiox86 - ok
22:22:13.0552 4116  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
22:22:13.0611 4116  AmdK7 - ok
22:22:13.0633 4116  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
22:22:13.0743 4116  AmdK8 - ok
22:22:14.0260 4116  [ F53B89A4B976B534DAA8AEDAFEAF8EA3 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:22:14.0801 4116  amdkmdag - ok
22:22:14.0900 4116  [ 3DEA9B1D1B274C739C9367FB1E56185F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:22:14.0957 4116  amdkmdap - ok
22:22:15.0039 4116  [ AFE7733A20BC394D34713440AF680B63 ] AMDRAIDXpert    C:\Program Files\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
22:22:15.0099 4116  AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - warning
22:22:15.0099 4116  AMDRAIDXpert - detected UnsignedFile.Multi.Generic (1)
22:22:15.0135 4116  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
22:22:15.0252 4116  Appinfo - ok
22:22:15.0313 4116  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
22:22:15.0334 4116  arc - ok
22:22:15.0352 4116  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:22:15.0371 4116  arcsas - ok
22:22:15.0395 4116  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:22:15.0465 4116  AsyncMac - ok
22:22:15.0488 4116  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi          C:\Windows\system32\drivers\atapi.sys
22:22:15.0516 4116  atapi - ok
22:22:15.0635 4116  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys
22:22:15.0879 4116  athr - ok
22:22:16.0312 4116  [ F53B89A4B976B534DAA8AEDAFEAF8EA3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:22:16.0665 4116  atikmdag - ok
22:22:16.0718 4116  [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
22:22:16.0749 4116  AtiPcie - ok
22:22:16.0804 4116  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:22:16.0850 4116  AudioEndpointBuilder - ok
22:22:16.0859 4116  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:22:16.0888 4116  Audiosrv - ok
22:22:17.0235 4116  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP            C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
22:22:17.0261 4116  AVP - ok
22:22:17.0369 4116  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:22:17.0445 4116  Beep - ok
22:22:17.0486 4116  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
22:22:17.0557 4116  BFE - ok
22:22:17.0614 4116  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:22:17.0754 4116  BITS - ok
22:22:17.0778 4116  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:22:17.0832 4116  blbdrive - ok
22:22:18.0032 4116  [ B32C5D84E9A52372327C6B033C3D59B6 ] Bluetooth Device Manager C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
22:22:18.0498 4116  Bluetooth Device Manager - ok
22:22:18.0568 4116  [ 54A84BC363F697785B54F990960D68D8 ] Bluetooth Low Energy Service C:\Program Files\Motorola\Bluetooth\LEsrv.exe
22:22:18.0593 4116  Bluetooth Low Energy Service - ok
22:22:18.0686 4116  [ 12DEA7DBDB89BA39B4D0A86A7C4AE3FE ] Bluetooth Media Service C:\Program Files\Motorola\Bluetooth\audiosrv.exe
22:22:18.0752 4116  Bluetooth Media Service - ok
22:22:18.0852 4116  [ E9D366D4365EA9775A03AA569A151BFE ] Bluetooth OBEX Service C:\Program Files\Motorola\Bluetooth\obexsrv.exe
22:22:18.0884 4116  Bluetooth OBEX Service - ok
22:22:18.0919 4116  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:22:18.0971 4116  bowser - ok
22:22:19.0035 4116  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:22:19.0102 4116  BrFiltLo - ok
22:22:19.0166 4116  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:22:19.0259 4116  BrFiltUp - ok
22:22:19.0282 4116  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
22:22:19.0333 4116  Browser - ok
22:22:19.0371 4116  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
22:22:19.0554 4116  Brserid - ok
22:22:19.0589 4116  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:22:19.0663 4116  BrSerWdm - ok
22:22:19.0714 4116  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:22:19.0779 4116  BrUsbMdm - ok
22:22:19.0797 4116  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:22:19.0875 4116  BrUsbSer - ok
22:22:19.0904 4116  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
22:22:19.0941 4116  BthEnum - ok
22:22:19.0962 4116  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:22:20.0027 4116  BTHMODEM - ok
22:22:20.0079 4116  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:22:20.0145 4116  BthPan - ok
22:22:20.0226 4116  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
22:22:20.0258 4116  BTHPORT - ok
22:22:20.0284 4116  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
22:22:20.0335 4116  BthServ - ok
22:22:20.0362 4116  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:22:20.0460 4116  BTHUSB - ok
22:22:20.0517 4116  [ DAEE018EA8D4FAF49A7C90698865DC53 ] BTMCOM          C:\Windows\system32\Drivers\btmcom.sys
22:22:20.0568 4116  BTMCOM - ok
22:22:20.0725 4116  [ 843770815CBDE9EBE03D9A0D741524B7 ] BTMUSB          C:\Windows\system32\Drivers\btmusb.sys
22:22:20.0828 4116  BTMUSB - ok
22:22:20.0868 4116  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:22:20.0933 4116  cdfs - ok
22:22:20.0968 4116  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
22:22:21.0018 4116  cdrom - ok
22:22:21.0045 4116  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
22:22:21.0086 4116  CertPropSvc - ok
22:22:21.0122 4116  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:22:21.0202 4116  circlass - ok
22:22:21.0255 4116  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:22:21.0280 4116  CLFS - ok
22:22:21.0372 4116  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:21.0413 4116  clr_optimization_v2.0.50727_32 - ok
22:22:21.0490 4116  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:22:21.0643 4116  clr_optimization_v4.0.30319_32 - ok
22:22:21.0663 4116  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:22:21.0721 4116  CmBatt - ok
22:22:21.0763 4116  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:22:21.0781 4116  cmdide - ok
22:22:21.0809 4116  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:22:21.0826 4116  Compbatt - ok
22:22:21.0833 4116  COMSysApp - ok
22:22:21.0849 4116  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
22:22:21.0866 4116  crcdisk - ok
22:22:21.0889 4116  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:22:21.0932 4116  Crusoe - ok
22:22:21.0986 4116  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:22:22.0051 4116  CryptSvc - ok
22:22:22.0108 4116  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:22:22.0200 4116  DcomLaunch - ok
22:22:22.0258 4116  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:22:22.0304 4116  DfsC - ok
22:22:22.0406 4116  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:22:22.0555 4116  DFSR - ok
22:22:22.0583 4116  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:22:22.0635 4116  Dhcp - ok
22:22:22.0686 4116  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:22:22.0715 4116  disk - ok
22:22:22.0735 4116  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:22:22.0793 4116  Dnscache - ok
22:22:22.0821 4116  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
22:22:22.0884 4116  dot3svc - ok
22:22:22.0912 4116  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
22:22:22.0973 4116  DPS - ok
22:22:23.0005 4116  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
22:22:23.0088 4116  drmkaud - ok
22:22:23.0130 4116  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:22:23.0150 4116  dtsoftbus01 - ok
22:22:23.0238 4116  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
22:22:23.0318 4116  DXGKrnl - ok
22:22:23.0349 4116  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
22:22:23.0400 4116  E1G60 - ok
22:22:23.0438 4116  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
22:22:23.0493 4116  EapHost - ok
22:22:23.0542 4116  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:22:23.0564 4116  Ecache - ok
22:22:23.0694 4116  [ 3A511ED3C9A9DA2CD5A50FF46178063A ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
22:22:23.0779 4116  ehRecvr - ok
22:22:23.0819 4116  [ A3D94C93333619458AF4BDE7531234C5 ] ehSched        C:\Windows\ehome\ehsched.exe
22:22:23.0865 4116  ehSched - ok
22:22:23.0906 4116  [ 487BA5C5BB442BD172F120DC197811C2 ] ehstart        C:\Windows\ehome\ehstart.dll
22:22:23.0924 4116  ehstart - ok
22:22:23.0988 4116  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
22:22:24.0027 4116  elxstor - ok
22:22:24.0123 4116  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
22:22:24.0251 4116  EMDMgmt - ok
22:22:24.0291 4116  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:22:24.0350 4116  ErrDev - ok
22:22:24.0424 4116  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
22:22:24.0464 4116  EventSystem - ok
22:22:24.0526 4116  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
22:22:24.0559 4116  exfat - ok
22:22:24.0631 4116  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
22:22:24.0680 4116  fastfat - ok
22:22:24.0718 4116  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
22:22:24.0751 4116  fdc - ok
22:22:24.0797 4116  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
22:22:24.0830 4116  fdPHost - ok
22:22:24.0851 4116  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:22:24.0922 4116  FDResPub - ok
22:22:24.0943 4116  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:22:24.0962 4116  FileInfo - ok
22:22:24.0986 4116  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
22:22:25.0045 4116  Filetrace - ok
22:22:25.0198 4116  [ 3D9B36631032FDE0FFEA0DC0260E4E35 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:22:25.0254 4116  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:22:25.0254 4116  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:22:25.0278 4116  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:22:25.0331 4116  flpydisk - ok
22:22:25.0362 4116  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:22:25.0385 4116  FltMgr - ok
22:22:25.0530 4116  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
22:22:25.0654 4116  FontCache - ok
22:22:25.0748 4116  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:22:25.0765 4116  FontCache3.0.0.0 - ok
22:22:25.0819 4116  [ 6A4125EDBE6D5907D4B1E4514F1F5675 ] FSCLBaseUpdaterService C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
22:22:25.0838 4116  FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - warning
22:22:25.0838 4116  FSCLBaseUpdaterService - detected UnsignedFile.Multi.Generic (1)
22:22:25.0883 4116  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
22:22:25.0900 4116  fssfltr - ok
22:22:26.0271 4116  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:22:26.0359 4116  fsssvc - ok
22:22:26.0391 4116  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:22:26.0417 4116  Fs_Rec - ok
22:22:26.0472 4116  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:22:26.0506 4116  gagp30kx - ok
22:22:26.0549 4116  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
22:22:26.0680 4116  gpsvc - ok
22:22:26.0854 4116  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:26.0870 4116  gupdate - ok
22:22:26.0876 4116  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:26.0892 4116  gupdatem - ok
22:22:26.0975 4116  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:22:27.0030 4116  HdAudAddService - ok
22:22:27.0080 4116  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:22:27.0195 4116  HDAudBus - ok
22:22:27.0238 4116  [ FCB3F4BE408F72C1BD81BCABA87FC22F ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:22:27.0282 4116  HidBth - ok
22:22:27.0320 4116  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
22:22:27.0369 4116  HidIr - ok
22:22:27.0405 4116  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
22:22:27.0442 4116  hidserv - ok
22:22:27.0485 4116  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:22:27.0529 4116  HidUsb - ok
22:22:27.0564 4116  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:22:27.0599 4116  hkmsvc - ok
22:22:27.0611 4116  [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey          C:\Windows\system32\drivers\Hotkey.sys
22:22:27.0632 4116  Hotkey ( UnsignedFile.Multi.Generic ) - warning
22:22:27.0632 4116  Hotkey - detected UnsignedFile.Multi.Generic (1)
22:22:27.0669 4116  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
22:22:27.0687 4116  HpCISSs - ok
22:22:27.0737 4116  [ 65D37BD167DD35C3663F4F097174E891 ] HSPADataCardusbmdm C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys
22:22:27.0802 4116  HSPADataCardusbmdm - ok
22:22:27.0828 4116  [ 65D37BD167DD35C3663F4F097174E891 ] HSPADataCardusbnmea C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys
22:22:27.0848 4116  HSPADataCardusbnmea - ok
22:22:27.0861 4116  [ 65D37BD167DD35C3663F4F097174E891 ] HSPADataCardusbser C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys
22:22:27.0881 4116  HSPADataCardusbser - ok
22:22:27.0935 4116  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:22:28.0007 4116  HTTP - ok
22:22:28.0090 4116  [ 22B142AED14E7385B221539C15AF1568 ] HWiNFO32        C:\Windows\system32\drivers\HWiNFO32.SYS
22:22:28.0107 4116  HWiNFO32 - ok
22:22:28.0173 4116  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
22:22:28.0192 4116  i2omp - ok
22:22:28.0217 4116  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:22:28.0258 4116  i8042prt - ok
22:22:28.0309 4116  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\drivers\iastor.sys
22:22:28.0334 4116  iaStor - ok
22:22:28.0361 4116  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
22:22:28.0385 4116  iaStorV - ok
22:22:28.0456 4116  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:22:28.0530 4116  idsvc - ok
22:22:28.0547 4116  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
22:22:28.0565 4116  iirsp - ok
22:22:28.0604 4116  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:22:28.0674 4116  IKEEXT - ok
22:22:28.0808 4116  [ DCE087456521FA31EEA20223A1937E42 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:22:29.0222 4116  IntcAzAudAddService - ok
22:22:29.0270 4116  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:22:29.0291 4116  intelide - ok
22:22:29.0308 4116  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:22:29.0361 4116  intelppm - ok
22:22:29.0387 4116  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
22:22:29.0437 4116  IPBusEnum - ok
22:22:29.0467 4116  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:22:29.0557 4116  IpFilterDriver - ok
22:22:29.0612 4116  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:22:29.0641 4116  iphlpsvc - ok
22:22:29.0650 4116  IpInIp - ok
22:22:29.0672 4116  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
22:22:29.0734 4116  IPMIDRV - ok
22:22:29.0760 4116  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
22:22:29.0811 4116  IPNAT - ok
22:22:29.0833 4116  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:22:29.0885 4116  IRENUM - ok
22:22:29.0911 4116  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:22:29.0931 4116  isapnp - ok
22:22:29.0972 4116  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:22:29.0994 4116  iScsiPrt - ok
22:22:30.0017 4116  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:22:30.0035 4116  iteatapi - ok
22:22:30.0055 4116  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
22:22:30.0072 4116  iteraid - ok
22:22:30.0111 4116  [ C4586CC52D70E9DB5D41A679C45DF0AB ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
22:22:30.0132 4116  JMCR - ok
22:22:30.0188 4116  [ B17792EB99401D59EBCA4A07C34004F8 ] johci          C:\Windows\system32\DRIVERS\johci.sys
22:22:30.0204 4116  johci - ok
22:22:30.0243 4116  [ C36F3A1A4E8416EF43F30DEAB7701730 ] JRAID          C:\Windows\system32\drivers\jraid.sys
22:22:30.0281 4116  JRAID - ok
22:22:30.0299 4116  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:22:30.0317 4116  kbdclass - ok
22:22:30.0345 4116  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:22:30.0382 4116  kbdhid - ok
22:22:30.0424 4116  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:22:30.0470 4116  KeyIso - ok
22:22:30.0548 4116  [ EA26CB00F83686856F2C79673C00C686 ] kl1            C:\Windows\system32\DRIVERS\kl1.sys
22:22:30.0568 4116  kl1 - ok
22:22:30.0631 4116  [ FBC7F840F1118D358D2AFB8C1714B384 ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
22:22:30.0676 4116  KLIF - ok
22:22:30.0701 4116  [ AF127FE7DD5ED2BBC9049FD8A00DEFC2 ] KLIM6          C:\Windows\system32\DRIVERS\klim6.sys
22:22:30.0732 4116  KLIM6 - ok
22:22:30.0758 4116  [ 24AEBAD59D1DE8A7CC36E8F09F999362 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
22:22:30.0774 4116  klkbdflt - ok
22:22:30.0796 4116  [ A58507C2827C3AE1D4CCB2746AAB349F ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
22:22:30.0818 4116  klmouflt - ok
22:22:30.0872 4116  [ 53C0DF6C5139CB78A631E7AFCD893730 ] kltdi          C:\Windows\system32\DRIVERS\kltdi.sys
22:22:30.0902 4116  kltdi - ok
22:22:30.0926 4116  [ 71A38C123600172511C26BFABD0EF579 ] kneps          C:\Windows\system32\DRIVERS\kneps.sys
22:22:30.0949 4116  kneps - ok
22:22:31.0073 4116  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:22:31.0114 4116  KSecDD - ok
22:22:31.0149 4116  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
22:22:31.0190 4116  KtmRm - ok
22:22:31.0219 4116  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:22:31.0279 4116  LanmanServer - ok
22:22:31.0339 4116  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:22:31.0387 4116  LanmanWorkstation - ok
22:22:31.0418 4116  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:22:31.0464 4116  lltdio - ok
22:22:31.0551 4116  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
22:22:31.0606 4116  lltdsvc - ok
22:22:31.0626 4116  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
22:22:31.0701 4116  lmhosts - ok
22:22:31.0721 4116  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:22:31.0741 4116  LSI_FC - ok
22:22:31.0762 4116  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
22:22:31.0781 4116  LSI_SAS - ok
22:22:31.0799 4116  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:22:31.0819 4116  LSI_SCSI - ok
22:22:31.0839 4116  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
22:22:31.0888 4116  luafv - ok
22:22:31.0920 4116  [ D5673785903639D186DC345FF86F423F ] massfilter      C:\Windows\system32\drivers\massfilter.sys
22:22:31.0968 4116  massfilter - ok
22:22:32.0022 4116  [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
22:22:32.0040 4116  MBAMProtector - ok
22:22:32.0087 4116  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:22:32.0282 4116  MBAMScheduler - ok
22:22:32.0322 4116  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:22:32.0352 4116  MBAMService - ok
22:22:32.0398 4116  [ 3BD2AD18179DEAD6652E87157FB98E4A ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
22:22:32.0418 4116  Mcx2Svc - ok
22:22:32.0456 4116  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
22:22:32.0475 4116  megasas - ok
22:22:32.0507 4116  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
22:22:32.0540 4116  MegaSR - ok
22:22:32.0582 4116  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
22:22:32.0637 4116  MMCSS - ok
22:22:32.0673 4116  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
22:22:32.0718 4116  Modem - ok
22:22:32.0739 4116  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
22:22:32.0792 4116  monitor - ok
22:22:32.0814 4116  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:22:32.0838 4116  mouclass - ok
22:22:32.0850 4116  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:22:32.0894 4116  mouhid - ok
22:22:32.0923 4116  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:22:32.0948 4116  MountMgr - ok
22:22:33.0009 4116  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:22:33.0029 4116  MozillaMaintenance - ok
22:22:33.0053 4116  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:22:33.0073 4116  mpio - ok
22:22:33.0101 4116  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:22:33.0143 4116  mpsdrv - ok
22:22:33.0185 4116  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:22:33.0220 4116  MpsSvc - ok
22:22:33.0240 4116  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:22:33.0260 4116  Mraid35x - ok
22:22:33.0310 4116  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:22:33.0348 4116  MRxDAV - ok
22:22:33.0408 4116  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:22:33.0462 4116  mrxsmb - ok
22:22:33.0547 4116  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:22:33.0624 4116  mrxsmb10 - ok
22:22:33.0667 4116  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:22:33.0753 4116  mrxsmb20 - ok
22:22:33.0799 4116  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
22:22:33.0835 4116  msahci - ok
22:22:33.0901 4116  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
22:22:33.0947 4116  msdsm - ok
22:22:33.0986 4116  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
22:22:34.0066 4116  MSDTC - ok
22:22:34.0122 4116  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:22:34.0201 4116  Msfs - ok
22:22:34.0283 4116  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:22:34.0341 4116  msisadrv - ok
22:22:34.0399 4116  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
22:22:34.0456 4116  MSiSCSI - ok
22:22:34.0462 4116  msiserver - ok
22:22:34.0530 4116  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
22:22:34.0603 4116  MSKSSRV - ok
22:22:34.0625 4116  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:22:34.0714 4116  MSPCLOCK - ok
22:22:34.0755 4116  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
22:22:34.0900 4116  MSPQM - ok
22:22:34.0952 4116  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
22:22:35.0057 4116  MsRPC - ok
22:22:35.0183 4116  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:22:35.0200 4116  mssmbios - ok
22:22:35.0265 4116  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
22:22:35.0422 4116  MSTEE - ok
22:22:35.0559 4116  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
22:22:35.0605 4116  Mup - ok
22:22:35.0820 4116  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:22:35.0896 4116  napagent - ok
22:22:35.0976 4116  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
22:22:36.0096 4116  NativeWifiP - ok
22:22:36.0403 4116  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:22:36.0572 4116  NDIS - ok
22:22:36.0630 4116  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:22:36.0712 4116  NdisTapi - ok
22:22:36.0755 4116  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
22:22:36.0872 4116  Ndisuio - ok
22:22:36.0936 4116  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
22:22:37.0005 4116  NdisWan - ok
22:22:37.0023 4116  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
22:22:37.0052 4116  NDProxy - ok
22:22:37.0231 4116  [ B044BB341E164DA6750A9B8E6A5FF6A1 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:22:37.0317 4116  Nero BackItUp Scheduler 3 - ok
22:22:37.0338 4116  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
22:22:37.0382 4116  NetBIOS - ok
22:22:37.0428 4116  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
22:22:37.0471 4116  netbt - ok
22:22:37.0518 4116  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:22:37.0537 4116  Netlogon - ok
22:22:37.0590 4116  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:22:37.0643 4116  Netman - ok
22:22:37.0696 4116  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:22:37.0733 4116  netprofm - ok
22:22:37.0770 4116  [ 91D44AA2A61006136DA32118A179BF12 ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
22:22:37.0869 4116  netr73 - ok
22:22:37.0911 4116  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:22:37.0930 4116  NetTcpPortSharing - ok
22:22:37.0959 4116  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
22:22:37.0976 4116  nfrd960 - ok
22:22:37.0998 4116  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:22:38.0034 4116  NlaSvc - ok
22:22:38.0187 4116  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:22:38.0850 4116  NMIndexingService - ok
22:22:38.0889 4116  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:22:38.0932 4116  Npfs - ok
22:22:38.0961 4116  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
22:22:39.0016 4116  nsi - ok
22:22:39.0062 4116  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:22:39.0189 4116  nsiproxy - ok
22:22:39.0276 4116  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:22:39.0432 4116  Ntfs - ok
22:22:39.0465 4116  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
22:22:39.0518 4116  ntrigdigi - ok
22:22:39.0549 4116  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:22:39.0594 4116  Null - ok
22:22:39.0620 4116  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:22:39.0642 4116  nvraid - ok
22:22:39.0666 4116  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:22:39.0685 4116  nvstor - ok
22:22:39.0703 4116  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:22:39.0723 4116  nv_agp - ok
22:22:39.0730 4116  NwlnkFlt - ok
22:22:39.0740 4116  NwlnkFwd - ok
22:22:39.0815 4116  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:22:40.0033 4116  odserv - ok
22:22:40.0063 4116  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:22:40.0108 4116  ohci1394 - ok
22:22:40.0187 4116  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:22:40.0207 4116  ose - ok
22:22:40.0282 4116  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:22:40.0373 4116  p2pimsvc - ok
22:22:40.0386 4116  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:22:40.0418 4116  p2psvc - ok
22:22:40.0474 4116  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
22:22:40.0528 4116  Parport - ok
22:22:40.0567 4116  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
22:22:40.0597 4116  partmgr - ok
22:22:40.0622 4116  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:22:40.0696 4116  Parvdm - ok
22:22:40.0738 4116  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:22:40.0799 4116  PcaSvc - ok
22:22:40.0836 4116  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
22:22:40.0857 4116  pci - ok
22:22:40.0875 4116  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
22:22:40.0893 4116  pciide - ok
22:22:40.0938 4116  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:22:40.0972 4116  pcmcia - ok
22:22:41.0002 4116  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:22:41.0109 4116  PEAUTH - ok
22:22:41.0203 4116  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
22:22:41.0294 4116  pla - ok
22:22:41.0328 4116  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
22:22:41.0336 4116  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
22:22:41.0336 4116  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
22:22:41.0418 4116  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:22:41.0492 4116  PlugPlay - ok
22:22:41.0527 4116  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
22:22:41.0567 4116  PNRPAutoReg - ok
22:22:41.0583 4116  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
22:22:41.0616 4116  PNRPsvc - ok
22:22:41.0651 4116  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
22:22:41.0690 4116  PolicyAgent - ok
22:22:41.0721 4116  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:22:41.0765 4116  PptpMiniport - ok
22:22:41.0787 4116  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\DRIVERS\processr.sys
22:22:41.0833 4116  Processor - ok
22:22:41.0871 4116  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
22:22:41.0922 4116  ProfSvc - ok
22:22:41.0928 4116  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:22:41.0947 4116  ProtectedStorage - ok
22:22:41.0985 4116  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:22:42.0024 4116  PSched - ok
22:22:42.0098 4116  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:22:42.0234 4116  ql2300 - ok
22:22:42.0284 4116  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:22:42.0314 4116  ql40xx - ok
22:22:42.0369 4116  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
22:22:42.0415 4116  QWAVE - ok
22:22:42.0439 4116  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:22:42.0473 4116  QWAVEdrv - ok
22:22:42.0499 4116  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:22:42.0546 4116  RasAcd - ok
22:22:42.0569 4116  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
22:22:42.0621 4116  RasAuto - ok
22:22:42.0647 4116  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
22:22:42.0684 4116  Rasl2tp - ok
22:22:42.0730 4116  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:22:42.0777 4116  RasMan - ok
22:22:42.0817 4116  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:22:42.0843 4116  RasPppoe - ok
22:22:42.0875 4116  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
22:22:42.0895 4116  RasSstp - ok
22:22:42.0940 4116  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
22:22:43.0008 4116  rdbss - ok
22:22:43.0042 4116  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:22:43.0087 4116  RDPCDD - ok
22:22:43.0121 4116  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
22:22:43.0161 4116  rdpdr - ok
22:22:43.0171 4116  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:22:43.0205 4116  RDPENCDD - ok
22:22:43.0238 4116  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
22:22:43.0276 4116  RDPWD - ok
22:22:43.0352 4116  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:22:43.0402 4116  RemoteAccess - ok
22:22:43.0444 4116  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:22:43.0496 4116  RemoteRegistry - ok
22:22:43.0542 4116  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:22:43.0591 4116  RFCOMM - ok
22:22:43.0622 4116  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:22:43.0650 4116  RpcLocator - ok
22:22:43.0701 4116  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
22:22:43.0763 4116  RpcSs - ok
22:22:43.0789 4116  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:22:43.0823 4116  rspndr - ok
22:22:43.0875 4116  [ 8DF962D1209D1F3D3F444C205950247F ] RTL8169        C:\Windows\system32\DRIVERS\Rtlh86.sys
22:22:43.0905 4116  RTL8169 - ok
22:22:43.0911 4116  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
22:22:43.0931 4116  SamSs - ok
22:22:43.0948 4116  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:22:43.0967 4116  sbp2port - ok
22:22:44.0002 4116  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:22:44.0049 4116  SCardSvr - ok
22:22:44.0104 4116  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:22:44.0247 4116  Schedule - ok
22:22:44.0283 4116  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
22:22:44.0310 4116  SCPolicySvc - ok
22:22:44.0342 4116  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
22:22:44.0385 4116  sdbus - ok
22:22:44.0424 4116  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:22:44.0490 4116  SDRSVC - ok
22:22:44.0514 4116  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:22:44.0580 4116  secdrv - ok
22:22:44.0601 4116  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:22:44.0647 4116  seclogon - ok
22:22:44.0669 4116  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:22:44.0721 4116  SENS - ok
22:22:44.0752 4116  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
22:22:44.0825 4116  Serenum - ok
22:22:44.0850 4116  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
22:22:44.0916 4116  Serial - ok
22:22:44.0945 4116  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:22:44.0978 4116  sermouse - ok
22:22:45.0030 4116  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:22:45.0065 4116  SessionEnv - ok
22:22:45.0079 4116  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
22:22:45.0124 4116  sffdisk - ok
22:22:45.0172 4116  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:22:45.0224 4116  sffp_mmc - ok
22:22:45.0241 4116  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
22:22:45.0273 4116  sffp_sd - ok
22:22:45.0297 4116  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
22:22:45.0365 4116  sfloppy - ok
22:22:45.0401 4116  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:22:45.0464 4116  SharedAccess - ok
22:22:45.0533 4116  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:22:45.0573 4116  ShellHWDetection - ok
22:22:45.0606 4116  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:22:45.0625 4116  sisagp - ok
22:22:45.0650 4116  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:22:45.0668 4116  SiSRaid2 - ok
22:22:45.0693 4116  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:22:45.0713 4116  SiSRaid4 - ok
22:22:45.0773 4116  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
22:22:45.0790 4116  SkypeUpdate - ok
22:22:45.0910 4116  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
22:22:46.0249 4116  slsvc - ok
22:22:46.0310 4116  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:22:46.0341 4116  SLUINotify - ok
22:22:46.0427 4116  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
22:22:46.0486 4116  Smb - ok
22:22:46.0545 4116  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:22:46.0579 4116  SNMPTRAP - ok
22:22:46.0645 4116  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
22:22:46.0664 4116  spldr - ok
22:22:46.0699 4116  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
22:22:46.0758 4116  Spooler - ok
22:22:46.0779 4116  sptd - ok
22:22:46.0906 4116  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
22:22:46.0969 4116  srv - ok
22:22:47.0036 4116  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:22:47.0099 4116  srv2 - ok
22:22:47.0132 4116  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:22:47.0207 4116  srvnet - ok
22:22:47.0267 4116  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
22:22:47.0326 4116  SSDPSRV - ok
22:22:47.0353 4116  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
22:22:47.0396 4116  SstpSvc - ok
22:22:47.0443 4116  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
22:22:47.0490 4116  StillCam - ok
22:22:47.0550 4116  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:22:47.0621 4116  stisvc - ok
22:22:47.0682 4116  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:22:47.0730 4116  swenum - ok
22:22:47.0809 4116  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
22:22:47.0861 4116  swprv - ok
22:22:47.0879 4116  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
22:22:47.0898 4116  Symc8xx - ok
22:22:47.0917 4116  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:22:47.0935 4116  Sym_hi - ok
22:22:47.0963 4116  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:22:47.0984 4116  Sym_u3 - ok
22:22:48.0082 4116  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
22:22:48.0181 4116  SysMain - ok
22:22:48.0208 4116  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:22:48.0245 4116  TabletInputService - ok
22:22:48.0326 4116  [ 9171A2543E4B23EEFC03F4CD671EA54A ] tap0901        C:\Windows\system32\DRIVERS\tap0901.sys
22:22:48.0379 4116  tap0901 ( UnsignedFile.Multi.Generic ) - warning
22:22:48.0379 4116  tap0901 - detected UnsignedFile.Multi.Generic (1)
22:22:48.0485 4116  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
22:22:48.0594 4116  TapiSrv - ok
22:22:48.0633 4116  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
22:22:48.0688 4116  TBS - ok
22:22:48.0957 4116  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
22:22:49.0745 4116  Tcpip - ok
22:22:50.0057 4116  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:22:50.0152 4116  Tcpip6 - ok
22:22:50.0437 4116  [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM        C:\Windows\system32\drivers\tcpipBM.sys
22:22:50.0460 4116  tcpipBM ( UnsignedFile.Multi.Generic ) - warning
22:22:50.0460 4116  tcpipBM - detected UnsignedFile.Multi.Generic (1)
22:22:50.0504 4116  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:22:50.0555 4116  tcpipreg - ok
22:22:50.0646 4116  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:22:50.0753 4116  TDPIPE - ok
22:22:50.0830 4116  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
22:22:50.0922 4116  TDTCP - ok
22:22:51.0025 4116  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
22:22:51.0266 4116  tdx - ok
22:22:51.0346 4116  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:22:51.0374 4116  TermDD - ok
22:22:51.0595 4116  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
22:22:51.0664 4116  TermService - ok
22:22:51.0922 4116  [ 76468DF7A7A92413A57C998DE5C39290 ] TestHandler    C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
22:22:51.0965 4116  TestHandler - ok
22:22:51.0993 4116  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:22:52.0233 4116  Themes - ok
22:22:52.0295 4116  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
22:22:52.0394 4116  THREADORDER - ok
22:22:52.0451 4116  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:22:52.0509 4116  TrkWks - ok
22:22:52.0605 4116  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:22:52.0729 4116  TrustedInstaller - ok
22:22:52.0763 4116  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:52.0852 4116  tssecsrv - ok
22:22:52.0905 4116  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
22:22:52.0990 4116  tunmp - ok
22:22:53.0005 4116  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:22:53.0053 4116  tunnel - ok
22:22:53.0114 4116  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:22:53.0276 4116  uagp35 - ok
22:22:53.0389 4116  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:22:53.0623 4116  udfs - ok
22:22:53.0661 4116  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
22:22:53.0744 4116  UI0Detect - ok
22:22:53.0823 4116  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:22:53.0889 4116  uliagpkx - ok
22:22:53.0971 4116  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
22:22:54.0017 4116  uliahci - ok
22:22:54.0057 4116  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:22:54.0108 4116  UlSata - ok
22:22:54.0183 4116  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
22:22:54.0231 4116  ulsata2 - ok
22:22:54.0272 4116  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
22:22:54.0398 4116  umbus - ok
22:22:54.0502 4116  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:22:54.0541 4116  upnphost - ok
22:22:54.0573 4116  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:54.0635 4116  usbccgp - ok
22:22:54.0701 4116  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:22:54.0773 4116  usbcir - ok
22:22:54.0825 4116  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
22:22:54.0891 4116  usbehci - ok
22:22:54.0913 4116  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:22:54.0969 4116  usbhub - ok
22:22:55.0009 4116  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
22:22:55.0056 4116  usbohci - ok
22:22:55.0127 4116  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:22:55.0172 4116  usbprint - ok
22:22:55.0238 4116  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
22:22:55.0277 4116  usbscan - ok
22:22:55.0301 4116  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:55.0340 4116  USBSTOR - ok
22:22:55.0367 4116  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
22:22:55.0410 4116  usbuhci - ok
22:22:55.0478 4116  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:22:55.0558 4116  usbvideo - ok
22:22:55.0602 4116  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
22:22:55.0650 4116  UxSms - ok
22:22:55.0718 4116  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
22:22:55.0783 4116  vds - ok
22:22:55.0860 4116  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:55.0893 4116  vga - ok
22:22:55.0935 4116  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
22:22:55.0968 4116  VgaSave - ok
22:22:56.0009 4116  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:22:56.0039 4116  viaagp - ok
22:22:56.0067 4116  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
22:22:56.0101 4116  ViaC7 - ok
22:22:56.0145 4116  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:22:56.0192 4116  viaide - ok
22:22:56.0205 4116  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:22:56.0225 4116  volmgr - ok
22:22:56.0313 4116  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
22:22:56.0342 4116  volmgrx - ok
22:22:56.0415 4116  [ 786DB5771F05EF300390399F626BF30A ] volsnap        C:\Windows\system32\drivers\volsnap.sys
22:22:56.0439 4116  volsnap - ok
22:22:56.0488 4116  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
22:22:56.0513 4116  vsmraid - ok
22:22:56.0707 4116  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
22:22:56.0869 4116  VSS - ok
22:22:56.0922 4116  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
22:22:57.0017 4116  W32Time - ok
22:22:57.0054 4116  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:22:57.0131 4116  WacomPen - ok
22:22:57.0193 4116  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:22:57.0231 4116  Wanarp - ok
22:22:57.0241 4116  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:22:57.0275 4116  Wanarpv6 - ok
22:22:57.0313 4116  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
22:22:57.0401 4116  wcncsvc - ok
22:22:57.0475 4116  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:22:57.0559 4116  WcsPlugInService - ok
22:22:57.0587 4116  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
22:22:57.0620 4116  Wd - ok
22:22:57.0843 4116  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:22:57.0993 4116  Wdf01000 - ok
22:22:58.0037 4116  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:22:58.0150 4116  WdiServiceHost - ok
22:22:58.0191 4116  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
22:22:58.0237 4116  WdiSystemHost - ok
22:22:58.0356 4116  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
22:22:58.0420 4116  WebClient - ok
22:22:58.0528 4116  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:22:58.0601 4116  Wecsvc - ok
22:22:58.0652 4116  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
22:22:58.0689 4116  wercplsupport - ok
22:22:58.0745 4116  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:22:58.0796 4116  WerSvc - ok
22:22:58.0854 4116  [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir      C:\Windows\system32\DRIVERS\winbondcir.sys
22:22:58.0916 4116  winbondcir - ok
22:22:58.0986 4116  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
22:22:59.0015 4116  WinDefend - ok
22:22:59.0025 4116  WinHttpAutoProxySvc - ok
22:22:59.0305 4116  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
22:22:59.0336 4116  Winmgmt - ok
22:22:59.0437 4116  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
22:22:59.0622 4116  WinRM - ok
22:22:59.0718 4116  [ 40B6CE57B2B209115C0426535D4253F2 ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
22:22:59.0740 4116  WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
22:22:59.0740 4116  WisLMSvc - detected UnsignedFile.Multi.Generic (1)
22:22:59.0820 4116  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
22:22:59.0875 4116  Wlansvc - ok
22:22:59.0953 4116  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:22:59.0970 4116  wlcrasvc - ok
22:23:00.0360 4116  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:23:00.0901 4116  wlidsvc - ok
22:23:00.0941 4116  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
22:23:00.0967 4116  WmiAcpi - ok
22:23:01.0019 4116  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:23:01.0067 4116  wmiApSrv - ok
22:23:01.0411 4116  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
22:23:01.0540 4116  WMPNetworkSvc - ok
22:23:01.0616 4116  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:23:01.0699 4116  WPCSvc - ok
22:23:01.0743 4116  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:23:01.0810 4116  WPDBusEnum - ok
22:23:01.0869 4116  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:23:01.0906 4116  WpdUsb - ok
22:23:02.0136 4116  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:23:02.0355 4116  WPFFontCache_v0400 - ok
22:23:02.0371 4116  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
22:23:02.0420 4116  ws2ifsl - ok
22:23:02.0477 4116  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:23:02.0518 4116  wscsvc - ok
22:23:02.0524 4116  WSearch - ok
22:23:02.0858 4116  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:23:03.0131 4116  wuauserv - ok
22:23:03.0260 4116  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:23:03.0293 4116  WudfPf - ok
22:23:03.0338 4116  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:23:03.0390 4116  WUDFRd - ok
22:23:03.0445 4116  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
22:23:03.0492 4116  wudfsvc - ok
22:23:03.0538 4116  ================ Scan global ===============================
22:23:03.0694 4116  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:23:03.0796 4116  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:23:03.0825 4116  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:23:03.0909 4116  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:23:03.0914 4116  [Global] - ok
22:23:03.0914 4116  ================ Scan MBR ==================================
22:23:03.0931 4116  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:23:08.0601 4116  \Device\Harddisk0\DR0 - ok
22:23:08.0602 4116  ================ Scan VBR ==================================
22:23:08.0642 4116  [ 226434F6689378E69755F756D98D2A98 ] \Device\Harddisk0\DR0\Partition1
22:23:08.0666 4116  \Device\Harddisk0\DR0\Partition1 - ok
22:23:08.0685 4116  [ A651BD80FD1FCE8D3AF5681ACEDF1769 ] \Device\Harddisk0\DR0\Partition2
22:23:08.0697 4116  \Device\Harddisk0\DR0\Partition2 - ok
22:23:08.0697 4116  ============================================================
22:23:08.0697 4116  Scan finished
22:23:08.0698 4116  ============================================================
22:23:08.0716 3992  Detected object count: 8
22:23:08.0716 3992  Actual detected object count: 8
22:23:22.0114 3992  AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0114 3992  AMDRAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0117 3992  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0117 3992  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0120 3992  FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0120 3992  FSCLBaseUpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0123 3992  Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0124 3992  Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0124 3992  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0124 3992  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0127 3992  tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0127 3992  tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0130 3992  tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0130 3992  tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:22.0133 3992  WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:22.0133 3992  WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
AVASTLog

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 22:25:15
-----------------------------
22:25:15.462    OS Version: Windows 6.0.6002 Service Pack 2
22:25:15.462    Number of processors: 2 586 0x301
22:25:15.468    ComputerName: HMHM-PC  UserName: HmHm
22:25:31.108    Initialize success
22:34:54.183    AVAST engine defs: 13040802
22:37:03.299    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
22:37:03.302    Disk 0 Vendor: WDC_____ 11.0 Size: 305175MB BusType: 8
22:37:03.472    Disk 0 MBR read successfully
22:37:03.475    Disk 0 MBR scan
22:37:03.552    Disk 0 Windows VISTA default MBR code
22:37:03.575    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        9000 MB offset 2048
22:37:03.590    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        96419 MB offset 18434048
22:37:03.611    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      199754 MB offset 215900160
22:37:03.620    Disk 0 scanning sectors +624997888
22:37:03.728    Disk 0 scanning C:\Windows\system32\drivers
22:37:15.790    Service scanning
22:37:29.043    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:37:29.199    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:37:29.245    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
22:37:29.285    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:37:29.348    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
22:37:29.422    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
22:37:43.642    Modules scanning
22:37:54.825    Disk 0 trace - called modules:
22:37:54.851    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys
22:37:54.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88ca9360]
22:37:54.867    3 CLASSPNP.SYS[8b5a38b3] -> nt!IofCallDriver -> [0x886cadb8]
22:37:54.875    5 acpi.sys[84a096bc] -> nt!IofCallDriver -> \Device\00000064[0x886c6030]
22:37:56.749    AVAST engine scan C:\Windows
22:38:00.151    AVAST engine scan C:\Windows\system32
22:43:19.653    AVAST engine scan C:\Windows\system32\drivers
22:43:52.262    AVAST engine scan C:\Users\HmHm
23:00:41.397    AVAST engine scan C:\ProgramData
23:08:32.647    Scan finished successfully
23:09:18.653    Disk 0 MBR has been saved successfully to "C:\Users\HmHm\Desktop\MBR.dat"
23:09:18.699    The log file has been saved successfully to "C:\Users\HmHm\Desktop\aswMBR.txt"
MWBAnti-Rootkit Log

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 2371547136, free: 1017270272

------------ Kernel report ------------
    04/07/2013 12:30:03
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\ymyqypg.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\kl1.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\drivers\ahcix86s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\athr.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\johci.sys
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\Drivers\btmusb.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\??\C:\Windows\system32\drivers\tcpipBM.sys
\SystemRoot\system32\DRIVERS\kltdi.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\??\C:\Windows\system32\drivers\HWiNFO32.SYS
\SystemRoot\System32\Drivers\Hotkey.SYS
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix86s.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Users\HmHm\AppData\Local\Temp\aswMBR.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8909fac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000066\
Lower Device Object: 0xffffffff88692538
Lower Device Driver Name: \Driver\ahcix86s\
Driver name found: ahcix86s
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\Storport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.07.02
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8909fac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8909f7b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8909fac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88acaa60, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff88692538, DeviceName: \Device\00000066\, DriverName: \Driver\ahcix86s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffacf7d168, 0xffffffff8909fac8, 0xffffffff8949d8a8
Lower DeviceData: 0xfffffffface4ccb8, 0xffffffff88692538, 0xffffffffa6cea0e8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EDB9ED76

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 18432000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 18434048  Numsec = 197466112
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 215900160  Numsec = 409097728

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 319999967232 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-624979936-624999936)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 2371547136, free: 1142226944

=======================================

aharonov 09.04.2013 00:29
Hi,

dann suchen wir den Verursacher mal. :)


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von OTL

HabKeinNick 09.04.2013 21:54
adwlog:

Code:
# AdwCleaner v2.200 - Datei am 09/04/2013 um 21:37:56 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : HmHm - HMHM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\HmHm\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\ProgramData\~0
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\HmHm\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\HmHm\AppData\Local\TempDir

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\prefs.js

C:\Users\HmHm\AppData\Roaming\Mozilla\Firefox\Profiles\09kxthrh.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2504091.CTID", "CT2504091");
Gelöscht : user_pref("CT2504091.CurrentServerDate", "18-3-2010");
Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Thu Mar 18 2010 12:33:29 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457132", "Thu Mar 18 2010 11:53:27 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu Mar 18 2010 10:31:07 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedTTL128891351169457132", 40);
Gelöscht : user_pref("CT2504091.FirstServerDate", "18-3-2010");
Gelöscht : user_pref("CT2504091.FirstTime", true);
Gelöscht : user_pref("CT2504091.FirstTimeFF3", true);
Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2504091.Initialize", true);
Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2504091.InstalledDate", "Wed Mar 17 2010 23:14:37 GMT+0100");
Gelöscht : user_pref("CT2504091.IsGrouping", false);
Gelöscht : user_pref("CT2504091.IsMulticommunity", false);
Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Wed Mar 17 2010 23:14:38 GMT+0100");
Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2504091.LastLogin_2.5.8.6", "Thu Mar 18 2010 10:44:42 GMT+0100");
Gelöscht : user_pref("CT2504091.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2504091.Locale", "en-us");
Gelöscht : user_pref("CT2504091.LoginCache", 4);
Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2504091.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Mar 17 2010 23:14:37 GMT+0100");
Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Thu Mar 18 2010 11:16:10 GMT+0100");
Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1265745383");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Wed Mar 17 2010 23:14:36 GMT+0100");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1265745383");
Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2504091.UserID", "UN09370230755109221");
Gelöscht : user_pref("CT2504091.alertChannelId", "897164");
Gelöscht : user_pref("CT2504091.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2504091.myStuffEnabled", true);
Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.live.com/results.aspx?FORM[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Gelöscht : user_pref("extensions.searchrecs@veoh.com.install-event-fired", true);
Gelöscht : user_pref("extensions.snipit.history_query", "baldurs%20gate=ASKURL=hxxp://www.ask.com/web?q=baldurs[...]
Gelöscht : user_pref("extensions.toolbar_W3I-G@apn.ask.com.install-event-fired", true);
Gelöscht : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision[...]
Gelöscht : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
Gelöscht : user_pref("extensions.veohsearchrecs.id", "6465ca266-b1b9-bd76-2c6e-0454bd16339");
Gelöscht : user_pref("extensions.veohsearchrecs.lastsitedate", "9");
Gelöscht : user_pref("extensions.veohsearchrecs.veohenabled", "false");
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.history", "mobile||mobile.de||namen%20herkunft||johann");
Gelöscht : user_pref("icqtoolbar.installTime", "1274529432");
Gelöscht : user_pref("icqtoolbar.itbsitescount", 0);
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.3");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Gelöscht : user_pref("icqtoolbar.uniqueID", "127352563912735256781274529432903");
Gelöscht : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [8510 octets] - [09/04/2013 21:37:56]

########## EOF - C:\AdwCleaner[S1].txt - [8570 octets] ##########
OLT-Log

Code:
OTL logfile created on: 09.04.2013 21:44:21 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,21 Gb Total Physical Memory | 0,40 Gb Available Physical Memory | 18,08% Memory free
4,64 Gb Paging File | 2,49 Gb Available in Paging File | 53,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 35,55 Gb Free Space | 37,75% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
 
Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012.08.17 22:43:06 | 000,019,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\LEsrv.exe
PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe
PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe
PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe
PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service)
SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "googel.com"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bc50ca3c4-5656-43c2-a061-13e717f73fc8%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
 
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.06 23:49:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions
[2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.05 22:03:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de
[2012.02.10 11:47:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com
[2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com
[2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml
[2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON
[2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.08 22:25:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 02:11:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\HmHm\Desktop\aswMBR.exe
[2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes
[2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps
[2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate
[2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.30 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP
[2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.29 13:37:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe
[2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme
[2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro
[2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.11 00:55:37 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2013.03.11 00:55:37 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2013.03.11 00:55:37 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2013.03.11 00:55:37 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys
[2013.03.11 00:54:42 | 000,106,880 | ---- | C] (HSPADataCard Incorporated) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys
[2013.03.11 00:54:42 | 000,010,240 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2013.03.11 00:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\congstar Internet-Manager
[2013.03.11 00:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\congstar
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.09 21:41:10 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.09 21:41:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 21:41:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 21:40:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 21:40:53 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 21:39:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.09 21:32:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.09 21:29:08 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job
[2013.04.09 21:23:21 | 000,022,620 | ---- | M] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods
[2013.04.09 21:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 21:15:20 | 000,613,083 | ---- | M] () -- C:\Users\HmHm\Desktop\adwcleaner.exe
[2013.04.08 23:09:18 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Desktop\MBR.dat
[2013.04.08 22:29:02 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job
[2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 02:15:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\HmHm\Desktop\aswMBR.exe
[2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.04.02 01:30:57 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk
[2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.29 13:38:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe
[2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.09 21:23:17 | 000,022,620 | ---- | C] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods
[2013.04.09 21:14:39 | 000,613,083 | ---- | C] () -- C:\Users\HmHm\Desktop\adwcleaner.exe
[2013.04.08 23:09:18 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Desktop\MBR.dat
[2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.11 00:54:28 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\congstar Internet-Manager.lnk
[2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk
[2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db
[2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat
[2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player
[2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus
[2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon
[2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite
[2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations
[2013.04.09 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox
[2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt
[2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze
[2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data
[2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager
[2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF
[2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org
[2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql
[2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template
[2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird
[2013.03.30 01:10:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\TuneUp Software
[2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles
[2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

aharonov 09.04.2013 22:28
Hi,

mach bitte folgende Schritte und kontrolliere dann, ob die Umleitungen noch vorhanden sind oder nicht mehr.

  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
[2013.02.14 21:59:31 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
[2012.06.04 18:27:28 | 000,000,448 | ---- | C] () -- C:\ProgramData\dobkrujvufrlmra
[2011.06.06 10:11:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"

:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von OTL

HabKeinNick 11.04.2013 23:48
Danke für die Hilfe :bussi:

Es scheint geholfen zu haben.

Beim ersten "Fix-Versuch" hatte sich der Laptop "aufgehängt", jedoch wurden die Dateien und Einträge trotzdem gelöscht. Beim zweiten "Fix-Versuch" lief alles glatt.

date_time>.log (vom zweiten "Fix-Versuch)"

Code:
All processes killed
========== OTL ==========
File C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi not found.
Unable to delete ADS C:\ProgramData\TEMP:CB0AACC9 .
File C:\ProgramData\dobkrujvufrlmra not found.
File C:\Program Files\mozilla firefox\searchplugins\foxsearch.src not found.
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HmHm
->Temp folder emptied: 132786441 bytes
->Temporary Internet Files folder emptied: 105058355 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 50627730 bytes
->Google Chrome cache emptied: 6500561 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24589336 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 305,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04102013_001229

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_SYSTEM\656 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL Log

Code:
OTL logfile created on: 11.04.2013 21:39:30 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\HmHm\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,21 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 60,34% Memory free
4,64 Gb Paging File | 3,75 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 35,77 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive D: | 195,07 Gb Total Space | 169,06 Gb Free Space | 86,66% Space Free | Partition Type: NTFS
 
Computer Name: HMHM-PC | User Name: HmHm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
PRC - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.16 22:45:20 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\LEsrv.exe
PRC - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\audiosrv.exe
PRC - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe
PRC - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) -- C:\Programme\Motorola\Bluetooth\obexsrv.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.07.22 04:05:00 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe
PRC - [2008.07.22 04:05:00 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.07.27 04:41:00 | 000,023,040 | ---- | M] () -- C:\Windows\System32\BeepApp.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2006.12.14 17:04:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\AMD\RAIDXpert\_jvm\bin\java.exe
PRC - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.16 21:37:32 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.14 01:20:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 22:14:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.15 01:37:42 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.18 21:08:30 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.20 02:07:10 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.16 22:44:46 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.11.16 16:26:10 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.07.20 12:28:46 | 000,452,656 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\LEsrv.exe -- (Bluetooth Low Energy Service)
SRV - [2011.07.20 12:28:30 | 000,948,272 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV - [2011.07.20 12:28:26 | 003,538,480 | ---- | M] (Motorola Solutions, Inc.) [On_Demand | Running] -- C:\Programme\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.17 20:29:56 | 000,566,832 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Programme\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.15 15:51:44 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.09.29 09:00:00 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Programme\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe -- (AMDRAIDXpert)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.02.17 15:58:48 | 000,021,624 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\System32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2013.02.01 11:47:14 | 000,148,208 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.20 02:16:23 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.11.20 02:16:23 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012.11.16 23:07:06 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.11.16 21:38:48 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.11.09 22:25:58 | 000,454,288 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.07.16 16:38:22 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\johci.sys -- (johci)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2011.07.25 20:09:16 | 000,564,736 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btmusb.sys -- (BTMUSB)
DRV - [2011.02.22 18:51:28 | 000,041,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmcom.sys -- (BTMCOM)
DRV - [2010.02.18 10:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2010.02.11 05:29:56 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2010.02.11 05:29:56 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.08 00:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.10.08 07:15:12 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.04.28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.11 16:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\SearchScopes\{CC92B58A-F3A6-4963-B2C9-2FE339A97871}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "googel.com"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:2.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\HmHm\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.15 01:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.15 01:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.15 01:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.03.30 02:15:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:14:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.07 06:51:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.04 21:21:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.04 21:21:10 | 000,000,000 | ---D | M]
 
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions
[2010.11.29 12:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.04.09 23:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions
[2010.08.15 14:35:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.05 22:03:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\ich@maltegoetz.de
[2012.02.10 11:47:13 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\piclens@cooliris.com
[2010.03.08 15:19:42 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\HmHm\AppData\Roaming\mozilla\Firefox\Profiles\09kxthrh.default\extensions\searchrecs@veoh.com
[2013.02.14 23:10:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.06 23:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.12.01 12:48:30 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2010.04.12 17:33:03 | 000,001,819 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\mozilla\firefox\profiles\09kxthrh.default\searchplugins\bing.xml
[2013.03.08 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.30 02:15:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 11.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010.04.01 14:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNETMANAGER\BIN\ADDON
[2013.02.15 01:41:22 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2013.03.08 22:14:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 14:42:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 02:32:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 14:42:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 14:42:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 14:42:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 14:42:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.pokerstrategy.com/home/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\HmHm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: FB unseen = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcedcpmfdpjijiamkaeaefgfagnnpei\0.1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Mail = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
CHR - Extension: Anti-Banner = C:\Users\HmHm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-18..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HmHm\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\Resources\deu.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Programme\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3068858174-2851846924-383880506-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80424655-1B4B-44CD-8CBC-683ED8726E55}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e4d7f3-f6b0-11e0-bd2f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Data\setup.exe
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{74261fc6-773a-11e2-af1e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 23:39:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.08 22:25:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.07 22:03:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.07 13:39:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 02:11:25 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\HmHm\Desktop\aswMBR.exe
[2013.04.07 01:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.04.07 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\Malwarebytes
[2013.04.07 00:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.07 00:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.07 00:46:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.07 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.05 23:27:32 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Documents\ProcAlyzer Dumps
[2013.04.05 22:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.04.05 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.04 23:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013.04.04 21:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.03.31 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.03.31 20:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.31 19:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.03.31 19:52:48 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.31 19:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Roaming\HpUpdate
[2013.03.30 10:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.03.30 10:45:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.03.30 10:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013.03.30 10:43:30 | 000,000,000 | ---D | C] -- C:\Users\HmHm\AppData\Local\HP
[2013.03.30 01:09:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.03.29 14:01:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.29 13:37:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe
[2013.03.29 10:47:27 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Filme
[2013.03.29 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\HmHm\Desktop\Büro
[2013.03.22 23:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 21:37:43 | 000,022,880 | ---- | M] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods
[2013.04.11 21:32:24 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.11 21:31:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000UA.job
[2013.04.11 21:31:35 | 000,002,082 | ---- | M] () -- C:\Users\HmHm\Desktop\Google Chrome.lnk
[2013.04.11 21:20:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 21:09:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 21:09:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 21:09:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 21:09:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 21:09:37 | 2372,464,640 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 23:12:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.10 22:29:03 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068858174-2851846924-383880506-1000Core.job
[2013.04.09 21:15:20 | 000,613,083 | ---- | M] () -- C:\Users\HmHm\Desktop\adwcleaner.exe
[2013.04.08 23:09:18 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Desktop\MBR.dat
[2013.04.08 22:25:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.04.07 15:27:41 | 000,640,404 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.07 15:27:41 | 000,607,658 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.07 15:27:41 | 000,130,456 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.07 15:27:41 | 000,108,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 13:44:35 | 000,377,856 | ---- | M] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HmHm\Desktop\OTL.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | M] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:26:42 | 000,000,020 | ---- | M] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 02:15:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\HmHm\Desktop\aswMBR.exe
[2013.04.07 01:23:13 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.04.07 00:46:13 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.07 00:15:02 | 000,050,477 | ---- | M] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.05 17:24:30 | 000,004,936 | ---- | M] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.03.31 19:55:03 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.31 19:52:48 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.03.30 10:51:23 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:30:51 | 000,338,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.30 02:16:30 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.03.29 13:38:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HmHm\Desktop\tdsskiller.exe
[2013.03.29 11:24:27 | 000,000,995 | ---- | M] () -- C:\Users\HmHm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.29 11:23:58 | 000,000,961 | ---- | M] () -- C:\Users\HmHm\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.09 21:23:17 | 000,022,880 | ---- | C] () -- C:\Users\HmHm\Desktop\RS_CS_Kombicheck April_R1.ods
[2013.04.09 21:14:39 | 000,613,083 | ---- | C] () -- C:\Users\HmHm\Desktop\adwcleaner.exe
[2013.04.08 23:09:18 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Desktop\MBR.dat
[2013.04.07 13:41:21 | 000,377,856 | ---- | C] () -- C:\Users\HmHm\Desktop\gmer_2.1.19163.exe
[2013.04.07 13:33:25 | 000,050,477 | ---- | C] () -- C:\Users\HmHm\Desktop\Defogger.exe
[2013.04.07 12:11:52 | 000,000,512 | ---- | C] () -- C:\Users\HmHm\Documents\MBR.dat
[2013.04.07 02:25:23 | 000,000,020 | ---- | C] () -- C:\Users\HmHm\defogger_reenable
[2013.04.07 00:46:13 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.06 22:57:05 | 2372,464,640 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.05 17:24:29 | 000,004,936 | ---- | C] () -- C:\Users\HmHm\Documents\cc_20130405_172425.reg
[2013.03.31 19:55:03 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.03.30 10:51:23 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet 6600.lnk
[2013.03.30 10:51:22 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6600.lnk
[2013.03.30 10:51:19 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6600.lnk
[2013.03.30 10:45:12 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.03.30 02:16:30 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
[2013.03.30 02:16:30 | 000,002,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe FormsCentral.lnk
[2013.03.30 02:16:30 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
[2013.03.30 02:16:30 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
[2013.02.15 08:47:43 | 000,396,597 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.10.20 19:28:09 | 000,000,680 | ---- | C] () -- C:\Users\HmHm\AppData\Local\d3d9caps.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.04 00:10:37 | 000,000,104 | ---- | C] () -- C:\Users\HmHm\Papierkorb.lnk
[2011.08.27 23:07:26 | 000,017,408 | ---- | C] () -- C:\Users\HmHm\AppData\Local\WebpageIcons.db
[2011.06.01 13:50:01 | 000,000,045 | ---- | C] () -- C:\Users\HmHm\AppData\Local\machpro.dat
[2011.06.01 10:29:22 | 000,337,856 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2010.12.29 23:02:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.30 21:11:20 | 000,026,112 | ---- | C] () -- C:\Users\HmHm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.10 00:01:36 | 000,000,262 | ---- | C] () -- C:\Users\HmHm\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.14 22:33:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Applian FLV and Media Player
[2011.05.14 14:29:14 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Azureus
[2011.07.15 01:39:07 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Canon
[2013.03.31 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\DAEMON Tools Lite
[2012.07.29 23:55:13 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Downloaded Installations
[2013.04.11 21:14:39 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Dropbox
[2013.02.14 21:59:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\GrabIt
[2011.08.28 00:53:58 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Gutscheinmieze
[2011.06.01 09:30:56 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\HEM Data
[2011.10.15 00:06:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Internetmanager
[2012.07.30 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Nitro PDF
[2010.11.29 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\OpenOffice.org
[2009.10.26 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\postgresql
[2011.08.22 08:20:27 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Template
[2010.11.29 12:25:57 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Thunderbird
[2013.03.30 01:10:34 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\TuneUp Software
[2012.07.21 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\UDC Profiles
[2012.04.16 15:50:11 | 000,000,000 | ---D | M] -- C:\Users\HmHm\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
Seit dem "Fixen" funktioniert die Googelsuche wieder einwandfrei, ohne irgendwelche Spamergebnisse :-)

aharonov 12.04.2013 01:35
Hallo,

Zitat:
Seit dem "Fixen" funktioniert die Googelsuche wieder einwandfrei, ohne irgendwelche Spamergebnisse :-)
Prima, dann machen wir noch eine Kontrolle und schliessen vorhandene Sicherheitslücken.


Schritt 1
  • Öffne das Programm Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 2
  • Downloade dir bitte den Panda Cloud Cleaner und starte den Scan.
  • Bitte nichts löschen. Am Ende nur "View Report" unten rechts klicken.
  • Kopiere den Scanreport hier in den Thread.



Schritt 3

Downloade dir bitte SecurityCheck (Link 1, Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Bitte poste in deiner nächsten Antwort:
  • Log von MBAM
  • Log von Panda
  • Log von SecurityCheck

HabKeinNick 14.04.2013 14:08
Hier die Logs:

MWAB-Log

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.13.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
HmHm :: HMHM-PC [Administrator]

Schutz: Deaktiviert

14.04.2013 10:15:40
mbam-log-2013-04-14 (10-15-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230437
Laufzeit: 18 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Pands-Log:

Code:
Broken Link. FILE: File not found:C:\FSC-REG\FSCREG.EXE to be deleted.

Broken Link. REGKEY: HKUS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[fsc-reg]. Value: fsc-reg To be deleted.

Broken Link. REGKEY: HKUS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[fsc-reg]. Value: fsc-reg To be deleted.

Broken Link. FILE: File not found:C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\VEOHWEBPLAYER.EXE "/VISTARUNASSTDUSER" to be deleted.

Broken Link. TASK: Task\[RunAsStdUser Task for VeohWebPlayer]. Task to be deleted.

Broken Link. FILE: File not found:C:\PROGRAM FILES\COMPUTER UPDATER\COMPUTERUP-DATER.EXE to be deleted.

Broken Link. REGKEY: HKUS\S-1-5-21-3068858174-2851846924-383880506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Computer Updater]. Value: Computer Updater To be deleted.

Broken Link. FILE: File not found:C:\PROGRAM FILES\SMART PC CLEANER\SPCLAUNCHER.EXE to be deleted.

Broken Link. REGKEY: HKUS\S-1-5-21-3068858174-2851846924-383880506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Smart PC Cleaner]. Value: Smart PC Cleaner To be deleted.

Broken Link. FILE: File not found:C:\PROGRAM FILES\PC SPEED UP\PCSUNOTIFIER.EXE to be deleted.

Broken Link. REGKEY: HKUS\S-1-5-21-3068858174-2851846924-383880506-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[PCSpeedUp]. Value: PCSpeedUp To be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Security-Check-Log:

Code:
Results of screen317's Security Check version 0.99.62 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 CCleaner   
 Panda Cloud Cleaner 
 Java 7 Update 17 
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player        11.6.602.180 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (20.0.1)
 Mozilla Thunderbird (17.0.5)
 Google Chrome 26.0.1410.43 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Nochmal vielen Dank :dankeschoen: Sehr schnelle und verständliche Hilfe :applaus::applaus:

Muss ich mir eigentlich Sorgen um meine Passwörter machen oder war der Virus/Trojaner "harmlos"?

aharonov 14.04.2013 14:12
Hi,

Zitat:
Muss ich mir eigentlich Sorgen um meine Passwörter machen oder war der Virus/Trojaner "harmlos"?
Was ich hier gesehen habe, war harmlos. Aber es ist sowieso eine gute Idee, von Zeit zu Zeit die Passwörter zu ändern..

Es bleiben nur noch Aufräumarbeiten zu tun. :)


Schritt 1

Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.



Schritt 2

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
  1. Falls zu Beginn defogger verwendet wurde, dann starte defogger und drücke den Button Re-enable.
  2. Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
  3. Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
  4. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
    • Schliesse alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
  5. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

HabKeinNick 15.04.2013 23:12
Ein großen aufrichten Dank von mir :-) Die Hilfe und Erklärungen waren super und leicht verständlich. Alles funktioniert einwandfrei und ich habe keine Fragen mehr.

aharonov 15.04.2013 23:29
Danke für die Rückmeldung.


Freut mich, dass wir helfen konnten. :abklatsch:

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131