
Pests of all kinds and how to combat them: Mail delivery failed emails - probably a malware problem


02.04.2013, 17:13   #1
witchy
 
Mail delivery failed emails - probably a malware problem



Dear hard-working little helpers of the Trojaner-Board,

for a few days now I have been receiving emails with the subject "Mail delivery failed" in which my email address is given as the sender. Since I bought 3 games from Zylom and have now played one of them fairly often, I suspect that this is how I caught malware.

My virus scanner Kaspersky did once show a Trojan or malware warning, but I, silly me, allowed the program.

Unfortunately I know too little about the subject to help myself, so I am turning to you, the specialists.

I have already downloaded Malwarebytes, and this is the "result":

malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.14

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

27.03.2013 13:58:11
mbam-log-2013-03-27 (13-58-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379376
Laufzeit: 2 Stunde(n), 53 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\***\AppData\Local\Zylom Games\Fishdom - Seasons Under the Sea Deluxe\Fishdom.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Zylom Games\Fishdom - Spooky Splash Deluxe\fishdomspookysplash.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Zylom Games\Fishdom 2 Deluxe\Fishdom.exe (PUP.Downloader.ZYL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Then I downloaded and ran defogger. There was no error message.


Today I downloaded OTL, and these are the text files:


OTL-Txt:

OTL logfile created on: 02.04.2013 14:56:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rike\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,92% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 84,50 Gb Free Space | 56,69% Space Free | Partition Type: NTFS
Drive D: | 146,00 Gb Total Space | 72,55 Gb Free Space | 49,69% Space Free | Partition Type: NTFS

Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.02 14:55:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rike\Downloads\OTL.exe
PRC - [2013.03.12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Online Games Manager\ogmservice.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.18 12:02:43 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2012.12.01 00:22:45 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.11.13 14:40:53 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\Bin\IncMail.exe
PRC - [2012.11.13 14:40:53 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Programme\IncrediMail\Bin\ImApp.exe
PRC - [2012.06.06 09:15:30 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2011.09.09 17:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011.09.09 16:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.05.09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.13 14:40:54 | 000,108,448 | ---- | M] () -- C:\Programme\IncrediMail\Bin\PMC.dll
MOD - [2012.11.13 14:40:54 | 000,071,664 | ---- | M] () -- C:\Programme\IncrediMail\Bin\wlessfp1.dll
MOD - [2012.11.13 14:40:53 | 000,268,272 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImLookExU.dll
MOD - [2012.11.13 14:40:53 | 000,133,104 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012.11.13 14:40:53 | 000,079,856 | ---- | M] () -- C:\Programme\IncrediMail\Bin\ImAppRU.dll
MOD - [2012.11.13 14:40:53 | 000,032,680 | ---- | M] () -- C:\Programme\IncrediMail\Bin\IMHttpComm.dll
MOD - [2012.08.17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll


========== Services (SafeList) ==========

SRV - [2013.03.12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Programme\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013.03.08 14:56:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.01 00:22:45 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.06 09:15:30 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.12.01 00:29:09 | 000,589,144 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012.12.01 00:29:09 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.10.25 13:42:02 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.09.19 11:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012.08.13 17:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012.08.02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012.06.19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2012.05.11 07:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.12.30 13:20:26 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.12.30 13:20:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.12.30 13:19:46 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2009.06.16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.03.05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1eyo1G8uA54
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.ebay.de"
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a362281000000000000001dd9eb4d47&tlver=1.4.31.2&instlRef=&ss=1&affID=100365&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.08.15 13:35:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.18 12:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.07.15 00:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Extensions
[2013.01.03 17:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\15samsl2.default\extensions
[2012.01.09 21:31:05 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\15samsl2.default\extensions\ffxtlbr@babylon.com
[2013.03.08 14:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 14:56:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.20 19:54:46 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.18 12:04:47 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.03.08 14:56:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.18 14:36:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 11:16:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.18 14:36:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 14:36:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 14:36:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 14:36:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Web Assistant = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.457_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: RealDownloader = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Skype Extension = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Anti-Banner = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\Toolbar\WebBrowser: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programme\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11BBDDAA-5B74-42EB-A6F3-D0D567C18A91}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0AFF43A-621A-46FD-82F1-8ACF19E8B160}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.02 12:04:25 | 000,000,000 | ---D | C] -- C:\a1c184cb90d61239a326
[2013.03.27 00:50:16 | 000,000,000 | ---D | C] -- C:\Users\Rike\Documents\Schulter
[2013.03.26 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\Malwarebytes
[2013.03.26 23:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.26 23:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.26 23:36:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.26 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.10 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\GameHouse
[2013.03.08 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.04.02 14:49:32 | 000,000,000 | ---- | M] () -- C:\Users\Rike\defogger_reenable
[2013.04.02 14:24:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.02 14:00:17 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.04.02 14:00:15 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.04.02 14:00:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 14:00:15 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.02 14:00:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.02 12:00:57 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.02 12:00:57 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.02 12:00:57 | 000,126,510 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.02 12:00:57 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.02 11:53:25 | 000,001,773 | ---- | M] () -- C:\Users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
[2013.04.02 11:53:14 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.02 11:52:46 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.02 01:49:13 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.01 19:26:26 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.26 23:36:48 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.17 15:28:09 | 286,760,927 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.13 11:40:27 | 000,019,456 | ---- | M] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2013.04.02 14:49:32 | 000,000,000 | ---- | C] () -- C:\Users\Rike\defogger_reenable
[2013.03.26 23:36:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.10 22:26:35 | 000,001,502 | ---- | C] () -- C:\Users\Rike\.recently-used.xbel
[2012.11.28 14:47:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.11.14 20:58:29 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012.11.14 20:57:47 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.12.05 22:33:48 | 000,017,408 | ---- | C] () -- C:\Users\Rike\AppData\Local\WebpageIcons.db
[2011.07.19 14:25:38 | 000,166,605 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011.07.19 14:25:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011.07.17 14:01:18 | 000,019,456 | ---- | C] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.16 01:41:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.16 01:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.16 01:33:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.16 01:31:12 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.07.15 23:35:54 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011.07.14 23:37:54 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.07.14 23:37:17 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.14 22:30:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.14 22:14:22 | 000,186,464 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011.07.14 22:14:22 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011.07.14 21:46:25 | 000,000,680 | ---- | C] () -- C:\Users\Rike\AppData\Local\d3d9caps.dat
[2011.07.14 21:31:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== ZeroAccess Check ==========

[2006.11.02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.22 01:18:24 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Amazon
[2013.01.14 21:42:12 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Audacity
[2011.07.19 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Babylon
[2012.11.22 21:39:56 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\calibre
[2012.12.10 22:28:39 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\gtk-2.0
[2012.11.14 20:58:59 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\MAGIX
[2012.07.01 14:34:50 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Nokia
[2012.07.01 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Nokia Suite
[2012.06.28 00:36:16 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\PC Suite
[2013.01.02 23:52:36 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\PhotoScape
[2012.11.15 13:31:12 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Playrix Entertainment
[2011.07.27 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\SmartTools
[2013.01.03 17:22:47 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\UDC Profiles
[2012.08.30 10:50:01 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Vodafone
[2012.11.15 13:30:46 | 000,000,000 | ---D | M] -- C:\Users\Rike\AppData\Roaming\Zylom

========== Purity Check ==========



< End of report >


Here is the Extra.Txt:

OTL Extras logfile created on: 02.04.2013 14:56:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rike\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,92% Memory free
4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 84,50 Gb Free Space | 56,69% Space Free | Partition Type: NTFS
Drive D: | 146,00 Gb Total Space | 72,55 Gb Free Space | 49,69% Space Free | Partition Type: NTFS

Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{190C6300-2B84-431F-9BC8-7698FF62CC9B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{30593774-0A21-4EED-A2AD-6243660C0251}" = lport=138 | protocol=17 | dir=in | app=system |
"{37C66F52-CFB7-44B2-B0F8-A06A399E0618}" = rport=445 | protocol=6 | dir=out | app=system |
"{443DE31E-C10D-4F5E-86C0-C855341360F7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4523FEB0-2BB1-4897-8435-47B53C63408C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F488A2A-1E0D-4161-9A38-F37BF58138C7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{552A8218-30C8-442D-9B27-CAFF9B93A5C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{606B6052-6D86-4BB5-986E-2256805BE253}" = lport=139 | protocol=6 | dir=in | app=system |
"{6A1803E3-E309-4ADE-998B-20EB7B413F5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A32A5AF-AC80-4B42-8FF4-70C8EE509BAB}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F914B4B-C1B9-444E-AF29-20AD20250911}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B68A314-BDC5-4721-81DD-F4F448A9BE4D}" = rport=138 | protocol=17 | dir=out | app=system |
"{944CF942-4F0B-4B81-B184-94128001AAF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9CA35107-09C4-4BCA-AA7B-EF75457585B4}" = lport=137 | protocol=17 | dir=in | app=system |
"{B1EC4F16-A75A-48DC-A3E6-449D3D4F1C85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8F563B5-579E-4346-B2C8-88E192863C9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C001F7C1-B0B8-4F23-A081-E96DF64BE742}" = rport=139 | protocol=6 | dir=out | app=system |
"{CF046FEF-8E66-4060-BE76-B5B437DF995F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9EB97BE-DE73-4B80-AB22-FAC1952F6178}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB62EC5B-D0FB-4A91-9CA8-0DE95301898F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EB1F3FB4-597E-431E-846B-0017BB25F09A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2417A877-E097-4780-A186-A24783E1D35A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29A48A1D-266D-40E0-8C03-EDAC804CE370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38931EE1-1C16-4CA2-B74D-3336893EC8C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3AB1BC49-5E58-4048-A1B3-9CF21EBE99CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B195ADD-1B8A-4078-AF8B-36542166C4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{59F6A49A-0FAE-4AAF-8322-32B6D31FF195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F664BC8-AD26-464B-8262-076A761B0B1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{649159D1-C543-4F01-9BB2-9445B2127B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{65504B95-5929-4BF1-A551-02E155761738}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{6EDD0956-35DC-49FD-B4E4-03D0CE7A91B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89CA40B8-4122-46F5-92BD-CE9263FF5A13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F9029AD-8037-4D3D-98C0-C397E0758EE4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{93FB8B41-EC61-4EFC-8E1E-9C2216559BEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D2AF647-7E94-4EA1-8DAA-A0E935E61E34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A029A707-4125-4740-869B-87F8B021B7A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B244666D-8306-4D82-A879-32AC324B0646}" = protocol=6 | dir=out | app=system |
"{B84AF35E-9A78-4A42-85B6-FC6EE10AD748}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{C277BD8C-4892-4A6A-B200-EB0881370DEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C4BBDBF9-46B5-4AC4-AA43-30D1E7C23142}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3C78871-D0CB-4E9F-BA47-1400E74DF0DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6F2201A-EE22-40C2-85CA-78419CF85425}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FF30DD1D-F18D-47B2-97E3-96DBC1898B9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.457
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5e705002f617ebf70b75dc63e088477e" = MahJongg Mystery Deluxe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity_is1" = Audacity 2.0.2
"BabylonToolbar" = Babylon toolbar on IE
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Das Rettungsteam" = Das Rettungsteam
"DSGPlayer" = RTL GAME CENTER
"fd31db37f368bf575c9eb3d51ef0b9a4" = Bejeweled(R) 3
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"Google Chrome" = Google Chrome
"Green Valley" = Green Valley
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_Deutsch_2 Toolbar" = IncrediMail MediaBar Deutsch 2 Toolbar
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Online Games Manager" = Online Games Manager v1.20
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoScape" = PhotoScape
"RealPlayer 16.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SmartToolsSchriftart-Assistentv3.50" = SmartTools Publishing • Word Schriftart-Assistent
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"UnderCoverXP_is1" = UnderCoverXP 1.23
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Fishdom - Seasons Under the Sea Deluxe" = Fishdom - Seasons Under the Sea Deluxe
"Fishdom - Spooky Splash Deluxe" = Fishdom - Spooky Splash Deluxe
"Fishdom 2 Deluxe" = Fishdom 2 Deluxe

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 31.12.2012 08:44:02 | Computer Name = Rike-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 01.01.2013 17:49:05 | Computer Name = Rike-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 01.01.2013 17:49:05 | Computer Name = Rike-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

[ System Events ]
Error - 01.04.2013 14:08:43 | Computer Name = Rike-PC | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.

Error - 01.04.2013 15:56:08 | Computer Name = Rike-PC | Source = DCOM | ID = 10010
Description =

Error - 01.04.2013 18:09:03 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.04.2013 18:09:07 | Computer Name = Rike-PC | Source = DCOM | ID = 10016
Description =

Error - 01.04.2013 18:09:13 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 01.04.2013 19:47:52 | Computer Name = Rike-PC | Source = DCOM | ID = 10010
Description =

Error - 02.04.2013 05:54:17 | Computer Name = Rike-PC | Source = DCOM | ID = 10016
Description =

Error - 02.04.2013 05:54:19 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02.04.2013 05:54:38 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 02.04.2013 08:00:03 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >


Then I also downloaded GMER.


Here is the result:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-02 16:33:15
Windows 6.0.6002 Service Pack 2 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHY2160BH rev.0085000B 149,05GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Rike\AppData\Local\Temp\kxldrpow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0x90884208]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcConnectPort [0x90837FB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcCreatePort [0x90838300]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAlpcSendWaitReceivePort [0x90838746]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0x9082091E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0x90837C92]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0x90820E96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0x90820D7C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0x90838164]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0x90887072]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0x90820FB6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSymbolicLinkObject [0x90848130]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0x9088650A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0x90838232]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0x90886054]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0x90820962]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0x9088434A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0x90883FB2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0x90848170]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0x90836422]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0x90820F2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0x90820E0C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0x90885BFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0x9088731E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0x9082104C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0x90886266]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwPlugPlayControl [0x90848140]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryDirectoryObject [0x908210D6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0x90836630]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0x90886D20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0x9083852A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0x908383B8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0x9083846E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0x9083859A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0x90886A4C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0x90837E20]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0x90886BA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0x90821178]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0x908840BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0x90885D9C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0x908868F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0x9082118A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0x90885EFC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0x90886406]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0x90887486]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0x908871B0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThreadEx [0x9088674A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateUserProcess [0x908861AE]

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!KeSetEvent + 119 844F37DC 4 Bytes [08, 42, 88, 90] {OR [EDX-0x78], AL; NOP }
.text ntkrnlpa.exe!KeSetEvent + 13D 844F3800 8 Bytes [B8, 7F, 83, 90, 00, 83, 83, ...]
.text ntkrnlpa.exe!KeSetEvent + 181 844F3844 4 Bytes [46, 87, 83, 90]
.text ntkrnlpa.exe!KeSetEvent + 1A9 844F386C 4 Bytes [1E, 09, 82, 90]
.text ntkrnlpa.exe!KeSetEvent + 1C1 844F3884 4 Bytes [92, 7C, 83, 90] {XCHG EDX, EAX; JL 0xffffff86; NOP }
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3380] kernel32.dll!SetUnhandledExceptionFilter 75FCA8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@80501bfa8c65 0x9B 0xA6 0x1B 0xE9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@58c38be9c4a7 0x0F 0xEB 0xE5 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@0021aa7c4927 0x0E 0x59 0x94 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@80501bfa8c65 0x9B 0xA6 0x1B 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@58c38be9c4a7 0x0F 0xEB 0xE5 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb4d47@0021aa7c4927 0x0E 0x59 0x94 0xC0 ...

---- EOF - GMER 2.1 ----


I don't know whether I did all of this correctly or whether you need anything else from me. In any case, I would be very grateful if you could help me.

I will probably not be back at my computer until late tomorrow evening. So don't be surprised if I don't reply right away.

Thanks in advance for now.

Kind regards
witchy

04.04.2013, 12:30   #2
cosinus

Hello and

Quote:
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Why do you have an Ultimate Edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?

Do you have any further logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; just post the logs you already have first!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

04.04.2013, 14:50   #3
witchy

Quote:
Quote from cosinus
Hello and

Why do you have an Ultimate Edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university computer?

Hello, and thanks already for the first reply!

Well, that's a good question. I think I'll move right on to the next one. Joking aside! I got the laptop as a (new) present from my brother for Christmas 200? and never asked myself why Ultimate is on it. Lately he has kept saying that I should install Windows 7 over it, but I should probably wipe it first, right? I am purely a home user with this computer.

Quote:
Quote from cosinus
Do you have any further logs (with detections)? Has your virus scanner ever found anything?

Malwarebytes and/or other virus scanners?

Oh right, I had already wondered where the 4th part had gone.

Malwarebytes also spat this out:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.26.14

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rike :: RIKE-PC [Administrator]

26.03.2013 22:38:53
mbam-log-2013-03-26 (22-38-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205087
Laufzeit: 23 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Rike\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I can't find the Kaspersky log files. I'll attach the page with the "report". If you need the log files for it, then please explain to me how and where to find them. Thank you!

Quote:
Quote from cosinus


Sorry again that I didn't post everything.

Quote:
Quote from cosinus
Please don't run any new virus scans; just post the logs you already have first!

I hope I have done everything correctly now, or should I not have copied the log file in like above?

Attached files
File type: pdf Kaspersky.pdf (149.9 KB, viewed 206 times)

04.04.2013, 17:11   #4
cosinus

Hm, that makes me wonder where your brother got this Ultimate Edition from. Do you know? If not, ask him when you get the chance


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted - regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your thread being closed. I, too, have a life outside the Trojaner-Board.


Now please run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags


MBAR (Malwarebytes Anti-Rootkit)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper


aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions under any circumstances

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
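An added example, not part of the original post and not code from TDSSKiller: it reads a TDSSKiller log in the line format posted later in this thread and lists the entries whose verdict is not `ok` and the services that were logged without a hash line. The sample lines are constructed; `ExampleDrv`, its hash, its path and its `warning` verdict are assumptions made for the example.

```python
import re

# Constructed sample in the line format of the TDSSKiller log posted in this
# thread. "ExampleDrv", its hash, path and "warning" verdict are made up.
SAMPLE_LOG = r"""
23:59:06.0790 2768  ================ Scan system memory ========================
23:59:06.0790 2768  System memory - ok
23:59:06.0790 2768  ================ Scan services =============================
23:59:07.0991 2768  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:59:08.0474 2768  ACPI - ok
23:59:14.0278 2768  AVP - ok
23:59:15.0000 2768  [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
23:59:15.0100 2768  ExampleDrv - warning
"""

# "HH:MM:SS.ffff <thread id>  <payload>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "================ Scan services ============================="
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ <32 hex digits> ] <service> <image path>"
# Assumption: service names contain no spaces, as in the posted log.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(\S+)\s+(.+)$")
# "<name> - <verdict>"
VERDICT = re.compile(r"^(.+) - ([A-Za-z][A-Za-z ]*)$")


def triage(log_text):
    """Return the entries of a TDSSKiller log that deserve a second look."""
    section = None
    hashed = {}  # service name -> (md5, image path)
    report = {"services": 0, "not_ok": [], "no_hash": []}

    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a timestamped log line
        payload = m.group(1).strip()

        s = SECTION.match(payload)
        if s:
            section = s.group(1)
            continue

        h = HASHED.match(payload)
        if h:
            hashed[h.group(2)] = (h.group(1).upper(), h.group(3))
            continue

        v = VERDICT.match(payload)
        if not v:
            continue
        name, verdict = v.group(1), v.group(2).strip().lower()

        # Anything the tool did not mark "ok" goes to the helper, together
        # with the hash and path recorded for it (None if there was none).
        if verdict != "ok":
            report["not_ok"].append((name, verdict, hashed.get(name)))

        # Inside the services section, a verdict without a preceding hash
        # line means no hash was logged for that service.
        if section == "Scan services":
            report["services"] += 1
            if name not in hashed:
                report["no_hash"].append(name)

    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("services seen:", result["services"])
    for name, verdict, info in result["not_ok"]:
        print("verdict", verdict, "for", name, info)
    for name in result["no_hash"]:
        print("no hash logged for", name)
```
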

05.04.2013, 00:42   #5
witchy

Quote:
Quote from cosinus
Hm, that makes me wonder where your brother got this Ultimate Edition from. Do you know? If not, ask him when you get the chance

Hi cosinus,

I asked my brother. You should perhaps know what kind of laptop I have. It is a DELL Inspiron 1720. Maybe that explains my Ultimate better now? In any case, my brother ordered it from DELL, and he thought he was choosing something "better" for me than the standard Vista version and therefore took Ultimate. You could "just click it like that", he said. Everything on it is also original, because I once had a broken hard disk and it was replaced during the warranty period.

Now on to the log files!

This is the one from Malwarebytes Anti-Rootkit:


The first one:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.04.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rike :: RIKE-PC [administrator]

04.04.2013 21:19:34
mbar-log-2013-04-04 (21-19-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26543
Time elapsed: 37 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
and then after restarting the computer:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.04.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rike :: RIKE-PC [administrator]

04.04.2013 22:06:28
mbar-log-2013-04-04 (22-06-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26505
Time elapsed: 36 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
This is the one from aswMBR:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-04 22:35:47
-----------------------------
22:35:47.734    OS Version: Windows 6.0.6002 Service Pack 2
22:35:47.734    Number of processors: 2 586 0xF0D
22:35:47.749    ComputerName: RIKE-PC  UserName: Rike
22:36:01.384    Initialize success
22:36:38.964    The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-04 22:38:30
-----------------------------
22:38:30.726    OS Version: Windows 6.0.6002 Service Pack 2
22:38:30.726    Number of processors: 2 586 0xF0D
22:38:30.726    ComputerName: RIKE-PC  UserName: Rike
22:38:32.645    Initialize success
22:39:04.001    AVAST engine defs: 13040401
22:39:07.464    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
22:39:07.480    Disk 0 Vendor: SAMSUNG_HM160HI HH100-11 Size: 152627MB BusType: 3
22:39:07.480    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
22:39:07.495    Disk 1 Vendor: FUJITSU_MHY2160BH 0085000B Size: 152627MB BusType: 3
22:39:08.088    Disk 1 MBR read successfully
22:39:08.104    Disk 1 MBR scan
22:39:08.150    Disk 1 Windows VISTA default MBR code
22:39:08.166    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       152625 MB offset 2048
22:39:08.182    Disk 1 scanning sectors +312578048
22:39:09.040    Disk 1 scanning C:\Windows\system32\drivers
22:39:49.007    Service scanning
22:40:08.366    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:40:09.271    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:40:10.036    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
22:40:10.160    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:40:10.379    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
22:40:10.519    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
22:40:40.440    Modules scanning
22:41:31.280    Disk 1 trace - called modules:
22:41:31.358    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
22:41:31.374    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x885feac8]
22:41:31.390    3 CLASSPNP.SYS[85fce8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x87e6db98]
22:41:32.700    AVAST engine scan C:\Windows
22:41:42.450    AVAST engine scan C:\Windows\system32
22:47:52.451    AVAST engine scan C:\Windows\system32\drivers
22:48:23.120    AVAST engine scan C:\Users\Rike
23:41:35.894    AVAST engine scan C:\ProgramData
23:49:39.136    Scan finished successfully
23:50:09.025    Disk 1 MBR has been saved successfully to "C:\Users\Rike\Desktop\MBR.dat"
23:50:09.056    The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-04 22:38:30
-----------------------------
22:38:30.726    OS Version: Windows 6.0.6002 Service Pack 2
22:38:30.726    Number of processors: 2 586 0xF0D
22:38:30.726    ComputerName: RIKE-PC  UserName: Rike
22:38:32.645    Initialize success
22:39:04.001    AVAST engine defs: 13040401
22:39:07.464    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
22:39:07.480    Disk 0 Vendor: SAMSUNG_HM160HI HH100-11 Size: 152627MB BusType: 3
22:39:07.480    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
22:39:07.495    Disk 1 Vendor: FUJITSU_MHY2160BH 0085000B Size: 152627MB BusType: 3
22:39:08.088    Disk 1 MBR read successfully
22:39:08.104    Disk 1 MBR scan
22:39:08.150    Disk 1 Windows VISTA default MBR code
22:39:08.166    Disk 1 Partition 1 00     07    HPFS/NTFS NTFS       152625 MB offset 2048
22:39:08.182    Disk 1 scanning sectors +312578048
22:39:09.040    Disk 1 scanning C:\Windows\system32\drivers
22:39:49.007    Service scanning
22:40:08.366    Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:40:09.271    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:40:10.036    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
22:40:10.160    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:40:10.379    Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
22:40:10.519    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
22:40:40.440    Modules scanning
22:41:31.280    Disk 1 trace - called modules:
22:41:31.358    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
22:41:31.374    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x885feac8]
22:41:31.390    3 CLASSPNP.SYS[85fce8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x87e6db98]
22:41:32.700    AVAST engine scan C:\Windows
22:41:42.450    AVAST engine scan C:\Windows\system32
22:47:52.451    AVAST engine scan C:\Windows\system32\drivers
22:48:23.120    AVAST engine scan C:\Users\Rike
23:41:35.894    AVAST engine scan C:\ProgramData
23:49:39.136    Scan finished successfully
23:50:09.025    Disk 1 MBR has been saved successfully to "C:\Users\Rike\Desktop\MBR.dat"
23:50:09.056    The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt"
23:51:20.184    Disk 1 MBR has been saved successfully to "C:\Users\Rike\Desktop\MBR.dat"
23:51:20.199    The log file has been saved successfully to "C:\Users\Rike\Desktop\aswMBR.txt"
         
I should add that in between the computer shut down and restarted on me. I was sitting in front of the TV and can't say why. During the second run I stayed sitting at the computer. Nothing happened then.

So, and this is the log file from TDSSKiller:

Code:
23:58:43.0686 2692  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:58:44.0060 2692  ============================================================
23:58:44.0060 2692  Current date / time: 2013/04/04 23:58:44.0060
23:58:44.0060 2692  SystemInfo:
23:58:44.0060 2692  
23:58:44.0060 2692  OS Version: 6.0.6002 ServicePack: 2.0
23:58:44.0060 2692  Product type: Workstation
23:58:44.0060 2692  ComputerName: RIKE-PC
23:58:44.0060 2692  UserName: Rike
23:58:44.0060 2692  Windows directory: C:\Windows
23:58:44.0060 2692  System windows directory: C:\Windows
23:58:44.0060 2692  Processor architecture: Intel x86
23:58:44.0060 2692  Number of processors: 2
23:58:44.0060 2692  Page size: 0x1000
23:58:44.0060 2692  Boot type: Normal boot
23:58:44.0060 2692  ============================================================
23:58:55.0105 2692  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:58:55.0136 2692  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:58:55.0214 2692  ============================================================
23:58:55.0214 2692  \Device\Harddisk0\DR0:
23:58:55.0230 2692  MBR partitions:
23:58:55.0230 2692  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x123FFAB3
23:58:55.0308 2692  \Device\Harddisk1\DR1:
23:58:55.0355 2692  MBR partitions:
23:58:55.0355 2692  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
23:58:55.0355 2692  ============================================================
23:58:55.0417 2692  C: <-> \Device\Harddisk1\DR1\Partition1
23:58:55.0464 2692  D: <-> \Device\Harddisk0\DR0\Partition1
23:58:55.0464 2692  ============================================================
23:58:55.0464 2692  Initialize success
23:58:55.0464 2692  ============================================================
23:59:04.0044 2768  ============================================================
23:59:04.0044 2768  Scan started
23:59:04.0044 2768  Mode: Manual; SigCheck; TDLFS; 
23:59:04.0044 2768  ============================================================
23:59:06.0790 2768  ================ Scan system memory ========================
23:59:06.0790 2768  System memory - ok
23:59:06.0790 2768  ================ Scan services =============================
23:59:07.0991 2768  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:59:08.0474 2768  ACPI - ok
23:59:08.0662 2768  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:59:08.0708 2768  AdobeARMservice - ok
23:59:08.0864 2768  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:59:08.0989 2768  adp94xx - ok
23:59:09.0083 2768  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:59:09.0145 2768  adpahci - ok
23:59:32.0202 2768  [ F50F7984FDD151EDD8A70A8DBD9E2A44 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:59:32.0249 2768  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
23:59:32.0249 2768  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
23:59:32.0327 2768  [ DF446BA625CC441617843E87798CE048 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:59:32.0374 2768  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
23:59:32.0374 2768  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
23:59:32.0436 2768  [ 75F122CDCA3C71BD09089F2CA824B796 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
23:59:32.0498 2768  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
23:59:32.0498 2768  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
23:59:45.0540 2768  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:59:45.0602 2768  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:59:45.0602 2768  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:59:55.0430 2768  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:59:55.0493 2768  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:59:55.0493 2768  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:59:59.0128 2768  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:59:59.0206 2768  RDPENCDD - ok
23:59:59.0299 2768  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:59:59.0393 2768  RDPWD - ok
23:59:59.0518 2768  [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
23:59:59.0549 2768  RealNetworks Downloader Resolver Service - ok
23:59:59.0596 2768  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:59:59.0705 2768  RemoteAccess - ok
23:59:59.0752 2768  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:59:59.0892 2768  RemoteRegistry - ok
23:59:59.0954 2768  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
00:00:00.0032 2768  RFCOMM - ok
00:00:00.0095 2768  [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
00:00:00.0157 2768  rismxdp - ok
00:00:00.0251 2768  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
00:00:00.0376 2768  RpcLocator - ok
00:00:00.0500 2768  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
00:00:00.0578 2768  RpcSs - ok
00:00:00.0656 2768  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:00:00.0797 2768  rspndr - ok
00:00:00.0797 2768  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
00:00:00.0859 2768  SamSs - ok
00:00:00.0906 2768  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:00:00.0953 2768  sbp2port - ok
00:00:01.0000 2768  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:00:01.0140 2768  SCardSvr - ok
00:00:01.0234 2768  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
00:00:01.0530 2768  Schedule - ok
00:00:01.0624 2768  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:00:01.0702 2768  SCPolicySvc - ok
00:00:01.0826 2768  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
00:00:01.0936 2768  sdbus - ok
00:00:02.0045 2768  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:00:02.0154 2768  SDRSVC - ok
00:00:02.0201 2768  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:00:02.0341 2768  secdrv - ok
00:00:02.0404 2768  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
00:00:02.0544 2768  seclogon - ok
00:00:02.0606 2768  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
00:00:02.0716 2768  SENS - ok
00:00:02.0809 2768  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
00:00:02.0996 2768  Serenum - ok
00:00:03.0090 2768  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
00:00:03.0293 2768  Serial - ok
00:00:03.0340 2768  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
00:00:03.0480 2768  sermouse - ok
00:00:03.0854 2768  [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
00:00:04.0057 2768  ServiceLayer - ok
00:00:04.0135 2768  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:00:04.0385 2768  SessionEnv - ok
00:00:04.0478 2768  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:00:04.0619 2768  sffdisk - ok
00:00:04.0634 2768  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:00:04.0775 2768  sffp_mmc - ok
00:00:04.0822 2768  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:00:04.0978 2768  sffp_sd - ok
00:00:05.0024 2768  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:00:05.0149 2768  sfloppy - ok
00:00:05.0212 2768  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:00:05.0368 2768  SharedAccess - ok
00:00:05.0430 2768  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:00:05.0539 2768  ShellHWDetection - ok
00:00:05.0586 2768  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
00:00:05.0633 2768  sisagp - ok
00:00:05.0664 2768  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
00:00:05.0711 2768  SiSRaid2 - ok
00:00:05.0742 2768  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:00:05.0789 2768  SiSRaid4 - ok
00:00:05.0992 2768  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
00:00:06.0101 2768  SkypeUpdate - ok
00:00:06.0335 2768  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
00:00:06.0725 2768  slsvc - ok
00:00:06.0756 2768  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
00:00:06.0881 2768  SLUINotify - ok
00:00:06.0928 2768  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:00:07.0037 2768  Smb - ok
00:00:07.0146 2768  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:00:07.0255 2768  SNMPTRAP - ok
00:00:07.0318 2768  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
00:00:07.0396 2768  spldr - ok
00:00:07.0474 2768  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
00:00:07.0567 2768  Spooler - ok
00:00:07.0614 2768  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:00:07.0817 2768  srv - ok
00:00:07.0879 2768  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:00:07.0973 2768  srv2 - ok
00:00:07.0988 2768  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:00:08.0035 2768  srvnet - ok
00:00:08.0082 2768  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:00:08.0176 2768  SSDPSRV - ok
00:00:08.0269 2768  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:00:08.0347 2768  SstpSvc - ok
00:00:08.0410 2768  [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
00:00:08.0456 2768  ssudmdm - ok
00:00:08.0519 2768  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
00:00:08.0612 2768  StillCam - ok
00:00:08.0768 2768  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
00:00:08.0846 2768  stisvc - ok
00:00:08.0862 2768  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:00:08.0909 2768  swenum - ok
00:00:09.0049 2768  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
00:00:09.0143 2768  swprv - ok
00:00:09.0205 2768  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
00:00:09.0268 2768  Symc8xx - ok
00:00:09.0330 2768  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
00:00:09.0408 2768  Sym_hi - ok
00:00:09.0439 2768  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
00:00:09.0517 2768  Sym_u3 - ok
00:00:09.0673 2768  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
00:00:09.0829 2768  SysMain - ok
00:00:09.0892 2768  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:00:09.0970 2768  TabletInputService - ok
00:00:10.0110 2768  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:00:10.0188 2768  TapiSrv - ok
00:00:10.0235 2768  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
00:00:10.0313 2768  TBS - ok
00:00:10.0656 2768  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:00:10.0812 2768  Tcpip - ok
00:00:11.0140 2768  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
00:00:11.0218 2768  Tcpip6 - ok
00:00:11.0296 2768  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:00:11.0483 2768  tcpipreg - ok
00:00:11.0561 2768  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:00:11.0670 2768  TDPIPE - ok
00:00:11.0732 2768  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:00:11.0810 2768  TDTCP - ok
00:00:11.0935 2768  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:00:12.0013 2768  tdx - ok
00:00:12.0076 2768  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:00:12.0138 2768  TermDD - ok
00:00:12.0263 2768  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
00:00:12.0450 2768  TermService - ok
00:00:12.0512 2768  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
00:00:12.0575 2768  Themes - ok
00:00:12.0606 2768  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
00:00:12.0684 2768  THREADORDER - ok
00:00:12.0715 2768  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
00:00:12.0809 2768  TrkWks - ok
00:00:12.0902 2768  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:00:12.0980 2768  TrustedInstaller - ok
00:00:13.0043 2768  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:00:13.0136 2768  tssecsrv - ok
00:00:13.0183 2768  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
00:00:13.0246 2768  tunmp - ok
00:00:13.0261 2768  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:00:13.0324 2768  tunnel - ok
00:00:13.0386 2768  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:00:13.0433 2768  uagp35 - ok
00:00:13.0480 2768  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:00:13.0573 2768  udfs - ok
00:00:13.0636 2768  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:00:13.0729 2768  UI0Detect - ok
00:00:13.0776 2768  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:00:13.0870 2768  uliagpkx - ok
00:00:13.0932 2768  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
00:00:14.0026 2768  uliahci - ok
00:00:14.0072 2768  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
00:00:14.0119 2768  UlSata - ok
00:00:14.0150 2768  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
00:00:14.0197 2768  ulsata2 - ok
00:00:14.0260 2768  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:00:14.0353 2768  umbus - ok
00:00:14.0416 2768  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:00:14.0525 2768  UmRdpService - ok
00:00:14.0587 2768  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
00:00:14.0681 2768  upnphost - ok
00:00:14.0759 2768  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:00:14.0837 2768  usbccgp - ok
00:00:14.0899 2768  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:00:15.0024 2768  usbcir - ok
00:00:15.0086 2768  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:00:15.0180 2768  usbehci - ok
00:00:15.0227 2768  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:00:15.0305 2768  usbhub - ok
00:00:15.0336 2768  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:00:15.0476 2768  usbohci - ok
00:00:15.0492 2768  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
00:00:15.0648 2768  usbprint - ok
00:00:15.0710 2768  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:00:15.0804 2768  USBSTOR - ok
00:00:15.0851 2768  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
00:00:15.0929 2768  usbuhci - ok
00:00:15.0976 2768  [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:00:16.0116 2768  usbvideo - ok
00:00:16.0178 2768  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
00:00:16.0272 2768  UxSms - ok
00:00:16.0319 2768  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
00:00:16.0506 2768  vds - ok
00:00:16.0584 2768  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:00:16.0724 2768  vga - ok
00:00:16.0802 2768  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:00:16.0896 2768  VgaSave - ok
00:00:16.0943 2768  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
00:00:17.0036 2768  viaagp - ok
00:00:17.0114 2768  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
00:00:17.0255 2768  ViaC7 - ok
00:00:17.0302 2768  [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide          C:\Windows\system32\drivers\viaide.sys
00:00:17.0348 2768  viaide - ok
00:00:17.0395 2768  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:00:17.0442 2768  volmgr - ok
00:00:17.0489 2768  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:00:17.0551 2768  volmgrx - ok
00:00:17.0614 2768  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:00:17.0676 2768  volsnap - ok
00:00:17.0801 2768  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:00:17.0848 2768  vsmraid - ok
00:00:17.0910 2768  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
00:00:18.0128 2768  VSS - ok
00:00:18.0175 2768  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
00:00:18.0269 2768  W32Time - ok
00:00:18.0300 2768  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:00:18.0456 2768  WacomPen - ok
00:00:18.0518 2768  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
00:00:18.0581 2768  Wanarp - ok
00:00:18.0596 2768  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:00:18.0674 2768  Wanarpv6 - ok
00:00:18.0737 2768  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
00:00:18.0893 2768  wbengine - ok
00:00:18.0940 2768  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:00:19.0064 2768  wcncsvc - ok
00:00:19.0111 2768  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:00:19.0189 2768  WcsPlugInService - ok
00:00:19.0236 2768  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
00:00:19.0267 2768  Wd - ok
00:00:19.0330 2768  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:00:19.0501 2768  Wdf01000 - ok
00:00:19.0610 2768  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:00:19.0860 2768  WdiServiceHost - ok
00:00:19.0907 2768  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:00:20.0000 2768  WdiSystemHost - ok
00:00:20.0110 2768  [ 82943769AC01805A0D2BA74D0925A45D ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
00:00:20.0172 2768  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
00:00:20.0172 2768  Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
00:00:20.0219 2768  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
00:00:20.0281 2768  WebClient - ok
00:00:20.0328 2768  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:00:20.0500 2768  Wecsvc - ok
00:00:20.0562 2768  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:00:20.0687 2768  wercplsupport - ok
00:00:20.0734 2768  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:00:20.0812 2768  WerSvc - ok
00:00:20.0890 2768  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:00:21.0046 2768  winachsf - ok
00:00:21.0139 2768  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
00:00:21.0233 2768  WinDefend - ok
00:00:21.0248 2768  WinHttpAutoProxySvc - ok
00:00:21.0342 2768  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:00:21.0420 2768  Winmgmt - ok
00:00:21.0498 2768  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:00:21.0732 2768  WinRM - ok
00:00:21.0841 2768  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:00:21.0966 2768  Wlansvc - ok
00:00:22.0028 2768  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:00:22.0075 2768  wlcrasvc - ok
00:00:22.0231 2768  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:00:22.0481 2768  wlidsvc - ok
00:00:22.0512 2768  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
00:00:22.0606 2768  WmiAcpi - ok
00:00:22.0652 2768  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:00:22.0746 2768  wmiApSrv - ok
00:00:22.0871 2768  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
00:00:23.0011 2768  WMPNetworkSvc - ok
00:00:23.0042 2768  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:00:23.0152 2768  WPCSvc - ok
00:00:23.0214 2768  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:00:23.0354 2768  WPDBusEnum - ok
00:00:23.0401 2768  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
00:00:23.0464 2768  WpdUsb - ok
00:00:23.0651 2768  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:00:23.0776 2768  WPFFontCache_v0400 - ok
00:00:23.0807 2768  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:00:23.0900 2768  ws2ifsl - ok
00:00:23.0947 2768  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
00:00:24.0041 2768  wscsvc - ok
00:00:24.0103 2768  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
00:00:24.0166 2768  WSDPrintDevice - ok
00:00:24.0181 2768  WSearch - ok
00:00:24.0306 2768  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
00:00:24.0540 2768  wuauserv - ok
00:00:24.0587 2768  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:00:24.0696 2768  WudfPf - ok
00:00:24.0743 2768  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:00:24.0790 2768  WUDFRd - ok
00:00:24.0836 2768  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:00:24.0883 2768  wudfsvc - ok
00:00:24.0992 2768  [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
00:00:25.0070 2768  ZTEusbmdm6k - ok
00:00:25.0133 2768  [ 453A60F8DC22FC296BC482CBF3EFF213 ] ZTEusbnet       C:\Windows\system32\DRIVERS\ZTEusbnet.sys
00:00:25.0195 2768  ZTEusbnet - ok
00:00:25.0242 2768  [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
00:00:25.0289 2768  ZTEusbnmea - ok
00:00:25.0336 2768  [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
00:00:25.0398 2768  ZTEusbser6k - ok
00:00:25.0445 2768  [ 2A6F72D2B6A549B1FC6A6522BC204159 ] ZTEusbvoice     C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
00:00:25.0492 2768  ZTEusbvoice - ok
00:00:25.0554 2768  ================ Scan global ===============================
00:00:25.0616 2768  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:00:25.0663 2768  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:00:25.0741 2768  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:00:25.0788 2768  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
00:00:25.0819 2768  [Global] - ok
00:00:25.0819 2768  ================ Scan MBR ==================================
00:00:25.0819 2768  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:00:27.0052 2768  \Device\Harddisk0\DR0 - ok
00:00:27.0098 2768  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
00:00:27.0473 2768  \Device\Harddisk1\DR1 - ok
00:00:27.0520 2768  ================ Scan VBR ==================================
00:00:27.0551 2768  [ 05A7420CCC8F9421D69DC19FDAE74F60 ] \Device\Harddisk0\DR0\Partition1
00:00:27.0551 2768  \Device\Harddisk0\DR0\Partition1 - ok
00:00:27.0598 2768  [ D8BF565DA25276946D11D37AC515E93E ] \Device\Harddisk1\DR1\Partition1
00:00:27.0598 2768  \Device\Harddisk1\DR1\Partition1 - ok
00:00:27.0613 2768  ============================================================
00:00:27.0613 2768  Scan finished
00:00:27.0613 2768  ============================================================
00:00:27.0644 4424  Detected object count: 6
00:00:27.0644 4424  Actual detected object count: 6
00:03:09.0887 4424  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
00:03:09.0887 4424  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:03:09.0902 4424  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:03:09.0902 4424  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:03:09.0902 4424  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:03:09.0902 4424  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:03:09.0918 4424  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:03:09.0918 4424  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:03:09.0918 4424  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:03:09.0918 4424  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:03:09.0918 4424  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
00:03:09.0918 4424  Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:03:22.0445 5200  Deinitialize success
         
So, I hope I did everything right this time? This really is a lot of work, but you all do a great deal too! Thanks for that!!!

I could use you at work! We work on a terminal server there, or rather, we in the EWO (residents' registration office) still have PCs and not clients. On Tue + Wed we switched over to outsourcing, and apparently our program OK.EWO does not run over the terminal server. Thank goodness I am on vacation and will only find out about everything that goes wrong on Tuesday. Otherwise I would have had to work with the hotline constantly today and explain everything that no longer works. I know my way around the software a little. Enough private chatter. It probably doesn't interest you anyway. But I had to get it off my chest. That's a woman for you.

I hope you sleep well! See you then!

Best regards
witchy


Alt 05.04.2013, 00:47   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix also sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 05.04.2013, 13:36   #7
witchy
 



Good morning, or rather, good afternoon,

so, Combofix has finished running and took almost 45 minutes.

Here is the log file:

Code:
ComboFix 13-04-04.01 - Rike 05.04.2013  12:28:32.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.49.1031.18.2045.885 [GMT 2:00]
ausgeführt von:: c:\users\Rike\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
c:\windows\system32\AutoRun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-05 bis 2013-04-05  ))))))))))))))))))))))))))))))
.
.
2013-04-05 10:52 . 2013-04-05 10:57	--------	d-----w-	c:\users\Rike\AppData\Local\temp
2013-04-05 10:52 . 2013-04-05 10:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-05 09:47 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FED1F882-6AD4-47D4-BD88-068781E97DB9}\mpengine.dll
2013-03-26 21:37 . 2013-03-26 21:37	--------	d-----w-	c:\users\Rike\AppData\Roaming\Malwarebytes
2013-03-26 21:36 . 2013-03-26 21:36	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-26 21:36 . 2013-03-26 21:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-26 21:36 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-20 19:50 . 2013-02-12 01:57	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-15 00:34 . 2013-02-02 03:23	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-03-15 00:34 . 2013-02-02 04:19	149552	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-03-15 00:34 . 2013-02-02 03:26	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-03-10 14:18 . 2013-03-10 14:18	--------	d-----w-	c:\users\Rike\AppData\Local\GameHouse
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 23:10 . 2011-07-15 08:52	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-02-23 00:24 . 2013-02-23 00:25	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 10:50 . 2012-06-29 17:19	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-08 10:50 . 2011-07-27 18:08	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-08 12:56 . 2013-03-08 12:56	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{990af1c2-5a27-4460-8149-ecc6bc122af3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{990af1c2-5a27-4460-8149-ecc6bc122af3}]
2011-05-09 09:49	176936	----a-w-	c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{990af1c2-5a27-4460-8149-ecc6bc122af3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{990AF1C2-5A27-4460-8149-ECC6BC122AF3}"= "c:\program files\IncrediMail_MediaBar_Deutsch_2\prxtbInc0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{990af1c2-5a27-4460-8149-ecc6bc122af3}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-11-13 366576]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-30 356376]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-12-18 295072]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-12-12 163000]
.
c:\users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPService	REG_MULTI_SZ   	HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23	38400	----a-w-	c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-01 17:25	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50	30720	----a-w-	c:\windows\System32\soundschemes2.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 22:57]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 22:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Rike\AppData\Roaming\Mozilla\Firefox\Profiles\15samsl2.default\
FF - prefs.js: browser.startup.homepage - www.ebay.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a362281000000000000001dd9eb4d47&tlver=1.4.31.2&instlRef=&ss=1&affID=100365&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-hpqSRMon - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-05 12:57
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**?HÑñ±m]
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:50ad3019
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-04-05  13:02:26
ComboFix-quarantined-files.txt  2013-04-05 11:02
.
Vor Suchlauf: 5 Verzeichnis(se), 91.136.118.784 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 92.016.672.768 Bytes frei
.
- - End Of File - - 72FAE8E21308B1AC1F416A7C4B8BC84B
         

05.04.2013, 14:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

05.04.2013, 18:58   #9
witchy
 



OK, everything worked through! My stupid toolbar in Internet Explorer is finally gone. THANK YOU! Now it would be great if the Adobe Flash Player didn't keep hanging and crashing in Firefox, which I use as my browser.

JRT result:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.2 (04.04.2013:1)
OS: Windows Vista (TM) Ultimate x86
Ran by Rike on 05.04.2013 at 16:59:32,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] web assistant updater 
Successfully deleted: [Service] web assistant updater 



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2475440407-2368312562-3497043702-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-2475440407-2368312562-3497043702-1000\software\web assistant"
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_local_machine\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\b
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2724407
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\Rike\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Rike\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Rike\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Rike\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Rike\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\web assistant"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Rike\AppData\Roaming\mozilla\firefox\profiles\15samsl2.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\Rike\AppData\Roaming\mozilla\firefox\profiles\15samsl2.default\prefs.js

user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357160496905,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("extensions.BabylonToolbar.bbDpng", 3);
user_pref("extensions.BabylonToolbar.cntry", "DE");
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "A8953EC9A12F0DE5C5336BF91F22561E");
user_pref("extensions.BabylonToolbar.lastActv", "3");
user_pref("extensions.BabylonToolbar.lastDP", 3);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.222:22:08");
user_pref("extensions.BabylonToolbar.propectorlck", 58915362);
user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=1a362281000000000000001dd9eb4d47&tlver=1.4.31.2&instlRef=&ss=1&affID=100365&q=");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://mystart.incredimail.
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc
Emptied folder: C:\Users\Rike\AppData\Roaming\mozilla\firefox\profiles\15samsl2.default\minidumps [7 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Rike\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.04.2013 at 17:11:53,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Adw-Cleaner result:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.200 - Datei am 05/04/2013 um 17:16:27 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Benutzer : Rike - RIKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Rike\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\IncrediMail_MediaBar_Deutsch_2
Ordner Gelöscht : C:\Users\Rike\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Rike\AppData\LocalLow\IncrediMail_MediaBar_Deutsch_2

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_Deutsch_2
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IncrediMail_MediaBar_Deutsch_2 Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{990AF1C2-5A27-4460-8149-ECC6BC122AF3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{990AF1C2-5A27-4460-8149-ECC6BC122AF3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0301A5D-5FD7-4053-BD40-809477CA8D57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{990AF1C2-5A27-4460-8149-ECC6BC122AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B0301A5D-5FD7-4053-BD40-809477CA8D57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF5D39D7-F37C-45A2-976D-0DEE96634B86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\IncrediMail_MediaBar_Deutsch_2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57FCB77C-C0C2-466C-BB78-8AFEA60C6646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF6BBB46-7727-465C-8307-94101DB61D07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{990AF1C2-5A27-4460-8149-ECC6BC122AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B0301A5D-5FD7-4053-BD40-809477CA8D57}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5e705002f617ebf70b75dc63e088477e
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fd31db37f368bf575c9eb3d51ef0b9a4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_Deutsch_2 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{990AF1C2-5A27-4460-8149-ECC6BC122AF3}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Rike\AppData\Roaming\Mozilla\Firefox\Profiles\15samsl2.default\prefs.js

Gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7246 octets] - [05/04/2013 17:16:27]

########## EOF - C:\AdwCleaner[S1].txt - [7306 octets] ##########
         
--- --- ---


OTL results:

OTL Logfile:
Code:
OTL logfile created on: 05.04.2013 17:27:23 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rike\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 45,82% Memory free
4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 85,49 Gb Free Space | 57,36% Space Free | Partition Type: NTFS
Drive D: | 146,00 Gb Total Space | 72,52 Gb Free Space | 49,67% Space Free | Partition Type: NTFS
 
Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Programme\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Programme\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Programme\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\IncrediMail\Bin\PMC.dll ()
MOD - C:\Programme\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Programme\IncrediMail\Bin\ImAppRU.dll ()
MOD - C:\Programme\IncrediMail\Bin\IMHttpComm.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (PCASp50) -- System32\Drivers\PCASp50.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Rike\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 
 
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.ebay.de"
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.18 12:04:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:56:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.07.15 00:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Extensions
[2013.04.05 17:10:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rike\AppData\Roaming\mozilla\Firefox\Profiles\15samsl2.default\extensions
[2013.03.08 14:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 14:56:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.20 19:54:46 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.18 12:04:47 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.03.08 14:56:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.18 14:36:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 11:16:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.18 14:36:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.18 14:36:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.18 14:36:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.18 14:36:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: RealDownloader = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Skype Extension = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Anti-Banner = C:\Users\Rike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.04.05 12:57:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Programme\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11BBDDAA-5B74-42EB-A6F3-D0D567C18A91}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0AFF43A-621A-46FD-82F1-8ACF19E8B160}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rike\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.05 16:59:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.05 16:59:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.05 16:57:55 | 000,551,171 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Rike\Desktop\JRT.exe
[2013.04.05 13:02:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.05 13:02:31 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\temp
[2013.04.05 12:23:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.05 12:23:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.05 12:23:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.05 12:23:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.05 12:22:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.05 12:21:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.05 00:54:27 | 005,047,266 | R--- | C] (Swearware) -- C:\Users\Rike\Desktop\ComboFix.exe
[2013.04.04 23:54:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rike\Desktop\tdsskiller.exe
[2013.04.04 22:15:21 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Rike\Desktop\aswMBR.exe
[2013.04.04 20:33:39 | 000,000,000 | ---D | C] -- C:\Users\Rike\Desktop\MBAR
[2013.04.02 14:55:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rike\Desktop\OTL.exe
[2013.03.27 00:50:16 | 000,000,000 | ---D | C] -- C:\Users\Rike\Documents\Schulter
[2013.03.26 23:37:28 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Roaming\Malwarebytes
[2013.03.26 23:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.26 23:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.26 23:36:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.26 23:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.20 21:50:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.15 02:34:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.15 02:33:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.15 02:33:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.15 02:33:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.15 02:33:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.15 02:33:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.15 02:33:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.15 02:33:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.03.10 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Rike\AppData\Local\GameHouse
[2013.03.08 14:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.05 17:24:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.05 17:24:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.05 17:20:00 | 000,001,773 | ---- | M] () -- C:\Users\Rike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
[2013.04.05 17:19:51 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.04.05 17:19:43 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.04.05 17:19:35 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 17:19:32 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 17:19:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 17:19:11 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 17:18:04 | 000,003,204 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.05 17:14:51 | 000,613,083 | ---- | M] () -- C:\Users\Rike\Desktop\adwcleaner.exe
[2013.04.05 16:57:58 | 000,551,171 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Rike\Desktop\JRT.exe
[2013.04.05 12:57:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.05 00:55:17 | 005,047,266 | R--- | M] (Swearware) -- C:\Users\Rike\Desktop\ComboFix.exe
[2013.04.04 23:55:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rike\Desktop\tdsskiller.exe
[2013.04.04 22:29:38 | 304,205,775 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.04 22:16:59 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Rike\Desktop\aswMBR.exe
[2013.04.03 20:05:21 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.03 20:05:21 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.03 20:05:21 | 000,126,510 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.03 20:05:21 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.02 14:55:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rike\Desktop\OTL.exe
[2013.04.02 14:49:32 | 000,000,000 | ---- | M] () -- C:\Users\Rike\defogger_reenable
[2013.04.01 19:26:26 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.26 23:36:48 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.13 11:40:27 | 000,019,456 | ---- | M] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.04.05 17:14:49 | 000,613,083 | ---- | C] () -- C:\Users\Rike\Desktop\adwcleaner.exe
[2013.04.05 12:23:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.05 12:23:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.05 12:23:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.05 12:23:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.05 12:23:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.02 14:49:32 | 000,000,000 | ---- | C] () -- C:\Users\Rike\defogger_reenable
[2013.03.26 23:36:48 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.10 22:26:35 | 000,001,502 | ---- | C] () -- C:\Users\Rike\.recently-used.xbel
[2012.11.28 14:47:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.11.14 20:58:29 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012.11.14 20:57:47 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.12.05 22:33:48 | 000,017,408 | ---- | C] () -- C:\Users\Rike\AppData\Local\WebpageIcons.db
[2011.07.19 14:25:38 | 000,166,605 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
[2011.07.19 14:25:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
[2011.07.17 14:01:18 | 000,019,456 | ---- | C] () -- C:\Users\Rike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.16 01:41:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.16 01:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.16 01:33:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.16 01:31:12 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.07.15 23:35:54 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011.07.14 23:37:54 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.07.14 23:37:17 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.07.14 22:30:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.14 22:14:22 | 000,186,464 | ---- | C] () -- C:\Windows\hpoins21.dat
[2011.07.14 22:14:22 | 000,007,262 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2011.07.14 21:46:25 | 000,000,680 | ---- | C] () -- C:\Users\Rike\AppData\Local\d3d9caps.dat
[2011.07.14 21:31:39 | 000,003,204 | ---- | C] () -- C:\Windows\bthservsdp.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


and

OTL Logfile:
Code:
OTL Extras logfile created on: 05.04.2013 17:27:23 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rike\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 45,82% Memory free
4,23 Gb Paging File | 2,85 Gb Available in Paging File | 67,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 85,49 Gb Free Space | 57,36% Space Free | Partition Type: NTFS
Drive D: | 146,00 Gb Total Space | 72,52 Gb Free Space | 49,67% Space Free | Partition Type: NTFS
 
Computer Name: RIKE-PC | User Name: Rike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{190C6300-2B84-431F-9BC8-7698FF62CC9B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{30593774-0A21-4EED-A2AD-6243660C0251}" = lport=138 | protocol=17 | dir=in | app=system | 
"{37C66F52-CFB7-44B2-B0F8-A06A399E0618}" = rport=445 | protocol=6 | dir=out | app=system | 
"{443DE31E-C10D-4F5E-86C0-C855341360F7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4523FEB0-2BB1-4897-8435-47B53C63408C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4F488A2A-1E0D-4161-9A38-F37BF58138C7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{552A8218-30C8-442D-9B27-CAFF9B93A5C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{606B6052-6D86-4BB5-986E-2256805BE253}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A1803E3-E309-4ADE-998B-20EB7B413F5B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A32A5AF-AC80-4B42-8FF4-70C8EE509BAB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6F914B4B-C1B9-444E-AF29-20AD20250911}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8B68A314-BDC5-4721-81DD-F4F448A9BE4D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{944CF942-4F0B-4B81-B184-94128001AAF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9CA35107-09C4-4BCA-AA7B-EF75457585B4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B1EC4F16-A75A-48DC-A3E6-449D3D4F1C85}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8F563B5-579E-4346-B2C8-88E192863C9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C001F7C1-B0B8-4F23-A081-E96DF64BE742}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CF046FEF-8E66-4060-BE76-B5B437DF995F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D9EB97BE-DE73-4B80-AB22-FAC1952F6178}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DB62EC5B-D0FB-4A91-9CA8-0DE95301898F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EB1F3FB4-597E-431E-846B-0017BB25F09A}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2417A877-E097-4780-A186-A24783E1D35A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29A48A1D-266D-40E0-8C03-EDAC804CE370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{38931EE1-1C16-4CA2-B74D-3336893EC8C9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{3AB1BC49-5E58-4048-A1B3-9CF21EBE99CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B195ADD-1B8A-4078-AF8B-36542166C4B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{59F6A49A-0FAE-4AAF-8322-32B6D31FF195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F664BC8-AD26-464B-8262-076A761B0B1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{649159D1-C543-4F01-9BB2-9445B2127B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{65504B95-5929-4BF1-A551-02E155761738}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
"{6EDD0956-35DC-49FD-B4E4-03D0CE7A91B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{89CA40B8-4122-46F5-92BD-CE9263FF5A13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F9029AD-8037-4D3D-98C0-C397E0758EE4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{93FB8B41-EC61-4EFC-8E1E-9C2216559BEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9D2AF647-7E94-4EA1-8DAA-A0E935E61E34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A029A707-4125-4740-869B-87F8B021B7A3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B244666D-8306-4D82-A879-32AC324B0646}" = protocol=6 | dir=out | app=system | 
"{B84AF35E-9A78-4A42-85B6-FC6EE10AD748}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
"{C277BD8C-4892-4A6A-B200-EB0881370DEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C4BBDBF9-46B5-4AC4-AA43-30D1E7C23142}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D3C78871-D0CB-4E9F-BA47-1400E74DF0DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6F2201A-EE22-40C2-85CA-78419CF85425}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FF30DD1D-F18D-47B2-97E3-96DBC1898B9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{162d74e4-7d6d-4949-8018-50e96e314696}" = C6200_Help
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98D64F70-1BE2-4E06-A58E-50FF642B3F24}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity_is1" = Audacity 2.0.2
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"Das Rettungsteam" = Das Rettungsteam
"DSGPlayer" = RTL GAME CENTER
"Free YouTube Downloader Converter" = Free YouTube Downloader Converter
"Google Chrome" = Google Chrome
"Green Valley" = Green Valley
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IncrediMail" = IncrediMail 2.0
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Online Games Manager" = Online Games Manager v1.20
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoScape" = PhotoScape
"RealPlayer 16.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"SmartToolsSchriftart-Assistentv3.50" = SmartTools Publishing • Word Schriftart-Assistent
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"UnderCoverXP_is1" = UnderCoverXP 1.23
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2475440407-2368312562-3497043702-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Fishdom - Seasons Under the Sea Deluxe" = Fishdom - Seasons Under the Sea Deluxe
"Fishdom - Spooky Splash Deluxe" = Fishdom - Spooky Splash Deluxe
"Fishdom 2 Deluxe" = Fishdom 2 Deluxe
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 05.04.2013 11:20:47 | Computer Name = Rike-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 05.04.2013 11:20:48 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.04.2013 11:21:03 | Computer Name = Rike-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         
Thanks, and until the next instruction!

Best regards
Rike
--- --- ---

06.04.2013, 04:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Looks OK. We should be almost through. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand

Afterwards, getting an additional opinion via ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

06.04.2013, 21:52   #11
witchy



Hi cosinus,

you're up pretty early.

Right, I'm done.

Malwarebytes log file:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.06.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Rike :: RIKE-PC [Administrator]

06.04.2013 12:50:42
mbam-log-2013-04-06 (12-50-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204758
Laufzeit: 12 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
What about the files that are in quarantine there? Do they have to stay there?

ESET log file: (The run took 5 hours and 15 minutes. But I also have a partitioned hard drive plus an external one.)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=058a9642896328419b7a22f66991c52f
# engine=13563
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-06 07:21:04
# local_time=2013-04-06 09:21:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1286 16777213 100 98 19630 20042386 0 0
# compatibility_mode=5892 16776574 100 100 120795 202808919 0 0
# scanned=277510
# found=0
# cleaned=0
# scan_time=18808
         
Now a few more questions from me, which you will probably find "stupid", in case we are finished.

Was that the Zylom games, then? I can uninstall them now, since I can't play them anymore anyway, right? (Please don't answer now with "If you want the malware back on your computer, then install them again".) By the way, I have a "backup" CD of one of these games. Is that one for the bin too? If so, I'll write this "nice" company an angry letter.

Do I need to be afraid that something will happen at some point because I still have two Zylom games on the computer? I have already played both.

The software I downloaded (Malwarebytes, OTL, etc.): should I delete it from my computer or leave it on?

Regarding the constant Adobe Flash Player crashes in Firefox, do I need to open a new topic in another thread?

Questions upon questions - sorry, just being a woman, but not blonde, only dumb.

A very heartfelt thank you!

Best regards
witchy

PS: Are we going for a drink now? Fischkopp with Batzi? (I hope you can take a joke?!)

07.04.2013, 02:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Sometimes I'm also awake for a long time; getting up early has never been my thing
As a Fischkopp I'm open-minded and also like drinking with Bazis, but please don't force any Weißbier on me

These Zylom games are AFAIR already preinstalled by the OEM manufacturer. That is, you buy e.g. a new notebook, unpack it and switch it on, and after a few prompts this junk is simply already on it. This bad habit is widespread, because the manufacturers also regard your computer, which you pay for yourself, as a kind of advertising column.

07.04.2013, 23:01   #13
witchy



Hi cosinus,

I already suspected that you're "nocturnal". I'm an old night owl myself. Getting up early is a horror, but now and then it just has to be. Thank God I mostly work in the afternoons.

Well, what am I supposed to read into your answer now? Hang on, I'll fetch the tarot cards.

Thinking out loud: "Hm, apparently my computer is cleaned, games from Zylom are on every computer, so I can put the backup CD into the CD drive and if Kaspersky complains, I can throw it out again. I can do whatever I want with the software I downloaded."

Before I go on playing oracle here, could you give me some advice regarding the files that are in quarantine? Presumably leave them there?

As for the Adobe Flash Player crashes in Firefox, I'll search here myself to see whether there's already a topic on that. *thinking out loud*

My malware problem seems to be solved. A big thank you for that!

Best regards
witchy

PS: I just wanted to send you a PM, but apparently that's not allowed. Pity!

Quote:
Quote from cosinus
As a Fischkopp I'm open-minded and also like drinking with Bazis, but please don't force any Weißbier on me
Well, actually not everyone was supposed to read this, but never mind. I would almost have bet that you wouldn't take up my "invitation". Now I've been thinking all day about how to manage it, because when I promise something, I keep it. Since many, many hundreds of kilometres surely separate us, I can't just jump into my car and drive to the far north. Two suggestions: you visit me, e.g. when the Dult (in standard German = Kirmes, i.e. funfair) is on here (a place to sleep is no problem), or I put together a small parcel that I send e.g. poste restante. The Batzeline won't force any Weißbier on you either. Oh yes, at the Dult there is only the Maß (1 litre) and no little 0.2 glasses. Now I'm curious whether and how you'll answer that.

Edited by witchy (07.04.2013 at 23:23)

07.04.2013, 23:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then we're through!

The programs that were used here can all be removed again.

Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also take the opportunity to check that Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

You can also very easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

07.04.2013, 23:29   #15
witchy



Oops, our posts crossed.

Please also read my PS in the last post, as I edited it. Thanks!

I'll carry out your last instructions tomorrow. I still have the day off then.

Best regards

witchy

Archiv
Du betrachtest: Mail delivery failed Emails - vermutlich Maleware Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.