| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hochWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.07.2013, 07:59
| #1 |
 |  Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Guten Abend, ich bin nur ein einfacher Nutzer, habe versucht die Files zu erstellen...hoffe es reicht. Ich Hoffe ihr könnt mir helfen. Computer ist lahm Computer schaltet sich immer wieder ein. Vielen Dank OTL logfile created on: 03.07.2013 20:24:25 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kiki\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,96% Memory free 6,18 Gb Paging File | 4,51 Gb Available in Paging File | 72,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,37 Gb Total Space | 16,45 Gb Free Space | 14,14% Space Free | Partition Type: NTFS Drive E: | 115,05 Gb Total Space | 1,79 Gb Free Space | 1,56% Space Free | Partition Type: NTFS Computer Name: SOULFRIENDS1 | User Name: Kiki | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.03 20:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.13 18:40:08 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe PRC - [2013.02.19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe PRC - [2013.02.19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2013.02.19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe PRC - [2012.12.14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\Receiver\Receiver.exe PRC - [2012.12.14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe PRC - [2012.12.14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe PRC - [2012.12.12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\SelfServicePlugin\SelfServicePlugin.exe PRC - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.12.07 15:25:01 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2009.01.19 11:20:40 | 001,985,080 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Programme\Spy Emergency 2008\SpyEmergency.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2008.01.29 19:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2008.01.09 15:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2007.12.25 14:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe PRC - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 10:11:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.05.16 10:01:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\adc5863246b4c1f20b21d823bc6ee21b\System.Windows.Forms.ni.dll MOD - [2013.02.14 15:11:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.11 05:43:36 | 005,457,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1beca67411be68bc4032f757b5ea6ebb\System.Xml.ni.dll MOD - [2013.01.11 05:43:03 | 006,648,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\4ecb5cac26d2d944c36bce794fbeecf5\System.Data.ni.dll MOD - [2013.01.11 04:32:19 | 001,597,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3c962fecd27f03689497125f43677fe3\System.Drawing.ni.dll MOD - [2013.01.11 04:30:07 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.09.13 15:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - File not found [Auto | Stopped] -- C:\Program Files\RelevantKnowledge\rlservice.exe /service -- (RelevantKnowledge) SRV - [2013.07.01 22:35:40 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai) SRV - [2013.06.11 23:56:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.09 08:14:38 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2013.02.19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2013.02.19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2012.11.16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2012.08.31 14:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.12.07 15:25:01 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2011.12.07 15:24:53 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2009.01.19 11:20:46 | 000,727,608 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Stopped] -- C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe -- (SpyEmrgSrv) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.12.25 14:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.12.03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service) SRV - [2007.11.21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avfsfilter.sys -- (AVFSFilter) DRV - [2013.02.19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2013.02.19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2013.02.19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2013.02.19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2013.02.19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2013.02.19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2013.02.19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2013.02.19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2012.12.05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2012.04.20 17:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK) DRV - [2010.06.23 11:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2010.06.14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010.02.21 17:05:00 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.12.22 16:07:00 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV08.sys -- (ACEDRV08) DRV - [2009.09.16 11:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.09.16 11:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009.06.10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2008.11.17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.08.11 17:13:24 | 000,015,288 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_access.sys -- (SpyEmrgAccess) DRV - [2008.04.17 17:59:02 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2008.04.17 17:58:00 | 000,560,640 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2008.02.05 12:10:14 | 000,014,392 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spyemrg_guard.sys -- (SpyEmrgGuard) DRV - [2008.02.05 12:10:10 | 000,012,344 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\spyemrg.sys -- (SpyEmrg) DRV - [2008.01.21 16:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.11.09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2007.09.26 07:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.20 15:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2006.11.02 02:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{041E2009-2712-4AD9-A4AC-50F9D8539177}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{041E2009-2712-4AD9-A4AC-50F9D8539177}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109868&tt=050412_30b&babsrc=SP_ss&mntrId=bc13d0e4000000000000001f3cb8cb39 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{AED1B68C-71DD-456A-ADB9-FB10DFDDE206}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "xemote-browser Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2618531&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot" FF - prefs.js..extensions.enabledAddons: wisestamp%40wisestamp.com:3.11.21 FF - prefs.js..extensions.enabledAddons: %7B694b57c6-ad53-4442-8290-c5539e368aac%7D:5.1 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7 FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5.1 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.16.2.509 FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:15.1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44172 FF - prefs.js..extensions.enabledItems: {48405d3d-2674-4cd8-b1ef-9a719443bd3f}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: wisestamp@wisestamp.com:2.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.07.03 19:49:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.09 08:14:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.09 08:14:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.03.28 14:40:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.06.09 08:14:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.09 08:14:27 | 000,000,000 | ---D | M] [2008.11.09 15:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\Extensions [2013.06.09 08:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions [2013.06.09 08:16:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2011.03.14 22:38:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.05.23 18:26:42 | 000,000,000 | ---D | M] (SweetIM Toolbar) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\{694b57c6-ad53-4442-8290-c5539e368aac} [2011.04.05 11:30:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\engine@conduit.com [2012.02.10 20:15:24 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Kiki\AppData\Roaming\mozilla\Firefox\Profiles\0ocgl157.default\extensions\piclens@cooliris.com [2013.03.20 16:21:25 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.06.09 08:16:32 | 000,504,879 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\toolbar@gmx.net.xpi [2012.05.22 13:55:52 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\wisestamp@wisestamp.com.xpi [2012.12.15 06:16:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.06.09 08:11:44 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.02.13 12:55:52 | 000,000,931 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\conduit.xml [2013.06.09 08:09:40 | 000,000,944 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\icqplugin.xml [2010.05.01 10:49:38 | 000,002,149 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\MyStart Search.xml [2013.05.10 00:46:46 | 000,004,103 | ---- | M] () -- C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\searchplugins\SweetIM Search.xml [2013.06.09 08:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.06.09 08:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.06.09 08:14:39 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.09 08:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2013.06.09 08:14:22 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net [2013.07.03 19:49:36 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE [2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2011.09.23 14:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll [2006.09.26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll [2012.04.11 20:00:52 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2009.11.08 08:55:12 | 000,000,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif [2009.11.28 01:23:15 | 000,000,175 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={A9249580-4308-11DE-AEAA-001E3368F9BD} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20130421192142.dll (McAfee, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll̀ File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) O4 - HKLM..\Run: [GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{415AC5BE-E6EE-4719-98AB-4D125F9F5722}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F077B84E-188E-41FA-84FC-6E7A3CE8FC22}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Kiki\Pictures\Kendra Mae 17.05.2012.jpg O24 - Desktop BackupWallPaper: C:\Users\Kiki\Pictures\Kendra Mae 17.05.2012.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.03 20:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.07.03 20:01:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe [2013.07.01 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F} [2013.06.29 12:15:00 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\acccore [2013.06.29 12:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP [2013.06.29 12:12:25 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\AOL OCP [2013.06.29 12:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL [2013.06.29 12:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint [2013.06.29 12:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint [2013.06.29 12:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM [2013.06.29 12:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL [2013.06.29 12:11:19 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6 [2013.06.28 16:48:23 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\ArtifexMundi [2013.06.27 19:20:56 | 000,000,000 | ---D | C] -- C:\Users\Kiki\Desktop\Bücher [2013.06.26 17:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.06.26 17:41:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2013.06.26 17:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.06.18 11:48:39 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\viking_saga_en [2013.06.11 00:01:58 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\BlamGames [2013.06.10 23:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA [2013.06.09 08:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.06.07 16:16:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CrioGames [2013.06.07 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Farm Tribe 2 [2013.06.04 17:01:32 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{49647C14-DA28-4B8F-B547-CD4D11231D7C} [2013.06.03 22:19:24 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Local\{E0BCBB0D-3041-4A41-9B62-74F240B3C9B2} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.03 20:29:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.03 20:13:38 | 000,001,091 | ---- | M] () -- C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk [2013.07.03 20:03:42 | 000,377,856 | ---- | M] () -- C:\Users\Kiki\Desktop\gmer_2.1.19163.exe [2013.07.03 20:02:04 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk [2013.07.03 20:01:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kiki\Desktop\OTL.exe [2013.07.03 20:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.07.03 19:55:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.03 19:48:48 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.03 19:48:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.03 19:48:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.03 19:47:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.03 19:46:20 | 000,000,020 | ---- | M] () -- C:\Users\Kiki\defogger_reenable [2013.07.03 19:45:15 | 000,050,477 | ---- | M] () -- C:\Users\Kiki\Desktop\Defogger.exe [2013.07.02 14:10:52 | 000,116,736 | ---- | M] () -- C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.07.01 11:04:27 | 000,632,420 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.01 11:04:27 | 000,598,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.01 11:04:27 | 000,106,120 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.01 11:04:26 | 000,128,616 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.30 21:19:18 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2013.06.29 12:12:24 | 000,000,446 | -H-- | M] () -- C:\IPH.PH [2013.06.29 12:12:04 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\AOL Instant Messenger.lnk [2013.06.26 17:41:26 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.06.26 15:34:56 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.15 08:07:56 | 000,000,922 | ---- | M] () -- C:\Users\Kiki\Desktop\Dropbox.lnk [2013.06.11 00:01:40 | 000,001,263 | ---- | M] () -- C:\Users\Kiki\Desktop\The Keepers 2.lnk [2013.06.05 10:55:02 | 000,343,931 | ---- | M] () -- C:\Users\Kiki\Documents\Thomas Reichelt.xps [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.03 20:03:39 | 000,377,856 | ---- | C] () -- C:\Users\Kiki\Desktop\gmer_2.1.19163.exe [2013.07.03 19:45:55 | 000,000,020 | ---- | C] () -- C:\Users\Kiki\defogger_reenable [2013.07.03 19:45:13 | 000,050,477 | ---- | C] () -- C:\Users\Kiki\Desktop\Defogger.exe [2013.06.29 12:12:04 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\AOL Instant Messenger.lnk [2013.06.29 12:11:13 | 000,000,446 | -H-- | C] () -- C:\IPH.PH [2013.06.26 17:41:26 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.06.11 00:01:40 | 000,001,263 | ---- | C] () -- C:\Users\Kiki\Desktop\The Keepers 2.lnk [2013.06.05 10:54:58 | 000,343,931 | ---- | C] () -- C:\Users\Kiki\Documents\Thomas Reichelt.xps [2013.05.14 23:02:35 | 000,332,500 | ---- | C] () -- C:\Users\Kiki\AppData\Local\census.cache [2013.05.14 23:02:07 | 000,234,458 | ---- | C] () -- C:\Users\Kiki\AppData\Local\ars.cache [2013.05.14 22:45:10 | 000,000,036 | ---- | C] () -- C:\Users\Kiki\AppData\Local\housecall.guid.cache [2013.05.13 17:09:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2013.05.13 17:05:24 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2013.05.13 17:05:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.05.10 17:00:14 | 000,000,092 | ---- | C] () -- C:\Users\Kiki\AppData\Local\fusioncache.dat [2013.05.10 00:47:35 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2012.09.03 12:14:54 | 000,000,552 | ---- | C] () -- C:\Users\Kiki\AppData\Local\d3d8caps.dat [2012.07.07 11:54:00 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad [2012.04.11 20:01:31 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.04.11 20:01:31 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.01.12 23:36:52 | 000,765,381 | ---- | C] () -- C:\Users\Kiki\Anhang.pdf [2011.10.17 19:51:46 | 000,715,038 | ---- | C] () -- C:\Windows\unins002.exe [2011.10.17 19:51:46 | 000,002,324 | ---- | C] () -- C:\Windows\unins002.dat [2011.09.21 18:47:33 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2011.09.21 18:47:31 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll [2011.09.21 18:47:30 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll [2011.09.21 18:47:26 | 001,202,763 | ---- | C] () -- C:\Windows\unins001.exe [2011.09.21 18:47:26 | 000,012,748 | ---- | C] () -- C:\Windows\unins001.dat [2011.02.28 23:01:12 | 000,000,409 | ---- | C] () -- C:\Users\Kiki\Isidiada.pgs [2011.02.07 14:39:10 | 004,806,101 | ---- | C] () -- C:\Users\Kiki\Kirsten Jan,2011.JPG [2011.02.07 14:37:37 | 000,197,935 | ---- | C] () -- C:\Users\Kiki\weihnachten.2008.jpg [2010.12.29 19:12:25 | 000,128,624 | ---- | C] () -- C:\Users\Kiki\postident Jan.pdf [2010.12.29 19:04:08 | 000,128,619 | ---- | C] () -- C:\Users\Kiki\postident Kiki.pdf [2010.09.26 16:35:36 | 001,180,594 | ---- | C] () -- C:\Users\Kiki\25092010483.jpg [2010.09.26 16:35:36 | 000,868,414 | ---- | C] () -- C:\Users\Kiki\23092010474.jpg [2010.09.26 16:35:36 | 000,752,242 | ---- | C] () -- C:\Users\Kiki\25092010476.jpg [2010.09.26 16:35:36 | 000,681,173 | ---- | C] () -- C:\Users\Kiki\25092010475.jpg [2010.09.26 16:35:36 | 000,657,616 | ---- | C] () -- C:\Users\Kiki\01092010472.jpg [2010.09.26 16:35:36 | 000,650,299 | ---- | C] () -- C:\Users\Kiki\25092010486.jpg [2010.09.26 16:35:36 | 000,637,720 | ---- | C] () -- C:\Users\Kiki\25092010484.jpg [2010.09.26 16:35:36 | 000,626,483 | ---- | C] () -- C:\Users\Kiki\25092010478.jpg [2010.09.26 16:35:36 | 000,626,403 | ---- | C] () -- C:\Users\Kiki\25092010479.jpg [2010.09.26 16:35:36 | 000,614,368 | ---- | C] () -- C:\Users\Kiki\15092010473.jpg [2010.09.26 16:35:36 | 000,608,875 | ---- | C] () -- C:\Users\Kiki\25092010477.jpg [2010.09.26 16:35:36 | 000,605,553 | ---- | C] () -- C:\Users\Kiki\25092010485.jpg [2010.09.26 16:35:36 | 000,590,603 | ---- | C] () -- C:\Users\Kiki\25092010480.jpg [2010.09.26 16:35:36 | 000,565,015 | ---- | C] () -- C:\Users\Kiki\25092010482.jpg [2010.09.26 16:35:36 | 000,524,303 | ---- | C] () -- C:\Users\Kiki\25092010481.jpg [2010.09.26 15:59:02 | 000,533,429 | ---- | C] () -- C:\Users\Kiki\25092010487.jpg [2010.09.04 13:00:27 | 000,577,442 | ---- | C] () -- C:\Users\Kiki\WickiTel_Sep2010.jpg [2010.09.04 13:00:27 | 000,099,459 | ---- | C] () -- C:\Users\Kiki\WickiTel_Sep2010.MHT [2010.04.08 12:48:03 | 000,365,486 | ---- | C] () -- C:\Users\Kiki\kirsten 248.jpg [2010.04.08 12:48:03 | 000,353,917 | ---- | C] () -- C:\Users\Kiki\kirsten 247.jpg [2010.04.08 12:48:03 | 000,352,818 | ---- | C] () -- C:\Users\Kiki\kirsten 250.jpg [2010.04.08 12:48:03 | 000,332,030 | ---- | C] () -- C:\Users\Kiki\kirsten 242.jpg [2010.03.21 19:40:55 | 000,022,680 | ---- | C] () -- C:\Users\Kiki\AppData\Local\slot1.mm1 [2010.01.14 16:47:07 | 000,026,340 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\UserTile.png [2009.11.22 17:41:52 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\mxfilerelatedcache.mxc2 [2009.11.22 17:26:11 | 000,038,977 | ---- | C] () -- C:\Users\Kiki\21-05-07_1927.jpg [2009.10.13 20:46:12 | 000,696,277 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\unins000.exe [2009.10.13 20:46:12 | 000,001,157 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\unins000.dat [2009.09.07 18:56:23 | 000,124,177 | ---- | C] () -- C:\Users\Kiki\Anklageschrift.htm [2009.09.07 18:38:09 | 002,090,142 | ---- | C] () -- C:\Users\Kiki\Anklageschrift.mdi [2009.08.18 23:23:30 | 000,000,316 | ---- | C] () -- C:\Users\Kiki\Öffentlich - Verknüpfung.lnk [2009.05.09 11:29:41 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2009.04.05 12:12:16 | 000,017,092 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\lili.xml [2009.04.05 12:06:34 | 000,000,378 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\users.xml [2008.10.27 21:00:47 | 000,000,255 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\mb3settings.xml [2008.10.27 21:00:11 | 000,131,200 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\Tahoma_12.dds [2008.10.27 21:00:11 | 000,004,096 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\Tahoma_12.crd [2008.10.17 12:27:29 | 000,000,000 | ---- | C] () -- C:\Users\Kiki\AppData\Roaming\wklnhst.dat [2008.10.08 22:31:44 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\AppData\Roaming\mxfilerelatedcache.mxc2 [2008.10.08 22:31:44 | 000,000,016 | -H-- | C] () -- C:\Users\Kiki\AppData\Local\mxfilerelatedcache.mxc2 [2008.10.06 14:31:59 | 000,001,356 | ---- | C] () -- C:\Users\Kiki\AppData\Local\d3d9caps.dat [2008.10.06 12:04:29 | 000,116,736 | ---- | C] () -- C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.06 11:51:11 | 000,000,365 | ---- | C] () -- C:\Users\Kiki\Music.lnk [2002.07.01 16:13:30 | 000,000,224 | -HS- | C] () -- C:\Users\Kiki\AppData\Roaming\brun_nbeta12.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.08.15 16:54:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\1morebee [2010.04.26 16:29:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\20000Leagues [2012.06.08 13:19:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\4 Friends Games [2013.06.29 12:15:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\acccore [2009.09.22 19:28:48 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Aisle 5 Games, Inc [2012.04.17 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Alawar [2012.07.13 11:27:37 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Alawar Stargaze [2013.06.15 18:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AlawarEntertainment [2013.05.09 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AlderGames [2012.07.21 19:42:40 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\aliasworlds [2010.10.12 13:34:48 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Alltags-Programme [2012.06.21 12:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Amaranth Games [2008.11.06 17:51:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AmuletAdventure [2010.05.22 09:44:22 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Anabel [2012.05.18 08:33:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Aquamarin Haushaltsbuch [2010.10.09 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Archibald's Adventures [2009.06.17 22:20:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Argonyt [2012.05.03 14:07:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Artifex Mundi [2013.06.28 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ArtifexMundi [2012.05.21 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Artogon [2011.12.14 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Awem [2010.09.14 17:28:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\AzuazGames [2010.05.20 20:41:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\BeachPartyCraze [2013.06.11 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\BlamGames [2009.04.26 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\blg [2009.03.06 23:47:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\BloodTies [2012.10.13 14:13:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Blue Tea Games [2012.08.01 14:37:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Boomzap [2011.03.04 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Brunhilda_prime [2013.02.03 21:20:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\calibre [2011.03.01 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\CannyGames [2010.12.19 18:39:22 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\casanova [2013.06.09 20:22:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\cerasus.media [2012.06.28 12:43:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Chayowo Games [2012.09.17 15:46:20 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\CitadelArcanes [2010.08.22 10:36:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\concept design [2009.03.24 21:17:11 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Coyotes Tale [2012.09.13 16:53:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DAEMON Tools Lite [2010.02.21 16:56:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DAEMON Tools Pro [2012.10.28 17:15:16 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DAVA [2012.05.06 12:03:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Deep Shadows [2013.05.16 18:35:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DominiGames [2009.12.24 14:57:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dragon Altar Games [2010.05.10 10:46:41 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dream Farm Games [2011.02.11 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dreamsdwell Stories 2 [2013.07.03 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Dropbox [2013.03.03 20:46:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\DVDVideoSoft [2012.02.01 19:13:27 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\e-academy Inc [2011.04.08 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ElementalsTheMagicKey [2012.11.18 14:00:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Elephant Games [2012.04.08 10:21:21 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\EnchantedCavern [2011.06.10 23:50:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Enki Games [2012.03.25 18:29:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\EntwinedSoD [2011.03.20 11:47:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\EPSON [2011.04.07 19:12:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ERS G-Studio [2012.09.15 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ERS Game Studios [2010.04.25 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Fabulous Finds [2010.10.17 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Farm Mania 2 [2010.11.03 13:22:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\FarmerJane [2011.12.07 15:47:15 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Fighters [2012.09.15 15:03:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\flashInstallDE [2010.10.25 17:28:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Flatcast [2009.01.03 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\FloodLightGames [2011.04.15 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Freeze Tag [2011.07.18 14:52:31 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Friday's games [2011.06.19 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Frozen Kingdom [2008.11.15 23:49:38 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gaijin Ent [2012.10.08 15:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\gamehouse_adelantado [2012.07.01 16:15:41 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\GameInvest [2012.09.25 17:39:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\GameMill Entertainment [2011.03.31 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gamers Digital [2012.06.26 15:19:05 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Games [2009.06.09 17:24:34 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\gemsweeperextractedgfx [2011.03.30 17:08:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\GetRightToGo [2011.02.27 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Ghost Ship Studios [2012.06.02 17:26:56 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gogii [2010.11.09 13:31:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Gogii Games [2011.04.15 19:35:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HdO Adventure [2011.07.29 15:31:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HeroCraft [2009.06.15 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HiT-MM [2012.06.04 11:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HTC [2012.01.04 12:20:13 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2013.04.13 11:17:03 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ICAClient [2008.11.22 20:01:01 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ICQ [2011.04.08 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\iMaxGen [2010.11.07 16:20:05 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Intenium [2010.06.14 14:38:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Inteniumv1002 [2011.07.30 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewel Keepers Easter Island [2012.04.22 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewel Match 3 [2011.07.29 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewel Time Deluxe [2012.05.10 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Jewels of the East India Company [2010.11.19 19:11:37 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\JuiceMania [2013.02.10 14:20:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\KatGames [2012.03.24 19:41:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Kutawaves Games [2010.08.15 13:33:14 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\LaJangada [2010.08.08 15:51:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Lazy Turtle Games [2012.04.17 16:10:44 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\LegacyInteractive [2011.01.16 16:13:36 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Local [2009.09.05 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Lost in the City [2009.11.28 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MA [2008.11.17 18:35:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Magic Academy [2011.03.21 20:08:10 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Magic Academy 2 [2010.07.06 10:27:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Magic3 [2010.08.26 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MagicMatch [2009.10.30 19:58:18 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MAGIX [2010.11.25 18:18:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Merscom [2012.02.27 01:24:19 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ML [2013.02.09 00:23:55 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MMFApplications [2011.08.14 08:36:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\MTpro [2011.04.15 17:30:35 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Mutant Arcade [2009.12.04 00:13:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\My Games [2008.10.18 16:26:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\myphotobook [2011.02.16 19:31:50 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Mystery of Mortlake Mansion [2008.11.15 23:01:03 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Mysteryville2 [2010.10.18 19:35:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\NevoSoft Games [2012.12.29 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Nitreal Games [2012.10.05 13:10:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\northerntale_rondomedia_de [2011.07.30 13:01:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\OG International Ltd [2012.09.30 20:12:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\OpenCandy [2012.05.31 17:31:34 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PapDesigner [2010.11.14 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PC Suite [2010.10.19 12:23:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Peace Craft [2010.09.28 20:17:15 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PeaceCraft2 [2012.08.01 19:55:47 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PeaceCraft3 [2010.01.14 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PeerNetworking [2011.08.14 08:26:38 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Perspectix [2010.09.06 17:31:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Ph03nixNewMedia [2011.05.17 15:35:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PlayFirst [2012.09.08 12:44:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Playrix Entertainment [2011.03.16 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PoBros [2009.04.19 15:43:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PopCapv1002 [2010.09.17 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PopCapv1003 [2010.09.17 18:32:03 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\PopCapv1006 [2011.03.14 16:32:50 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ProtectDISC [2012.05.03 16:13:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\quickclick [2010.08.02 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\RainbowGames [2009.03.24 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\RobinsonCrusoeBFGDE [2010.03.16 16:05:48 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\RobinsonCrusoeCER [2012.10.19 18:48:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Rumbic Studio [2008.10.25 19:58:39 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Runes of Avalon 2 [2009.11.15 14:37:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Sahmon Games [2012.02.27 00:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Samsung [2010.08.26 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Saqqarah [2010.05.09 17:35:15 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ScreenSeven [2009.03.08 14:47:23 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Se Analyzer Tool SA [2010.06.29 17:12:44 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SecretIslandDeuBF [2008.12.29 16:51:30 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SecretIslandEng [2009.05.15 22:05:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SerpentOfIsis [2011.01.16 14:56:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SevenSails [2011.03.08 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ShaoLin [2010.10.20 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Shape games [2011.05.31 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Silverback Productions [2010.11.06 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Skip-Bo [2011.01.20 22:34:52 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Sleepwalker Games [2012.09.13 16:53:53 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Specialbit [2009.02.28 20:10:05 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SpinTop Games [2008.10.27 13:33:25 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SprillBermudeDeu [2010.10.12 13:48:36 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Spy Emergency [2010.08.26 19:03:59 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\StoneLoops! [2012.01.24 23:36:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Striped Arts [2009.03.24 22:26:12 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\SultansLabyrinth [2013.05.10 08:52:09 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Systweak [2012.10.03 16:08:51 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\tabagames [2011.02.01 14:44:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Thinstall [2011.05.21 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\TLOTGT [2011.08.28 16:23:49 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Top Evidence [2008.10.07 17:08:16 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\TOSHIBA [2009.05.24 19:02:24 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Total Eclipse [2010.07.21 19:05:46 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Trio [2008.11.21 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\TuneUp Software [2012.04.05 12:30:20 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Twilight Games [2009.09.07 22:11:26 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Twintale Entertainment [2012.05.28 12:42:07 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\URSE Games [2013.06.29 19:47:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Usenet.nl [2009.12.02 17:56:02 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\V-Games [2011.07.31 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\ValGor 2 [2010.06.10 00:30:06 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Valusoft [2011.03.28 20:17:17 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\VendelGAMES [2010.11.17 20:32:04 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\VeniceMysteryData [2013.06.18 14:38:58 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\viking_saga_en [2012.10.17 18:18:00 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Western Software Technologies [2011.03.13 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\WhiteBirdsProductions [2012.05.10 14:24:29 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\WiiSports101in1 [2010.11.22 14:12:50 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Wildlife Park 2 - Farm World [2012.08.30 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\World-Loom [2010.05.04 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\Kiki\AppData\Roaming\Zylom ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:A3E39C6A @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:57B2B96C @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:C07A6A6B @Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:315B4A13 @Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:5EF1AD34 @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:AC83EA04 @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:225CD7D5 @Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:A745DB5D @Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:6BFA43EB @Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:AFC732F7 @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:A4E7D25F @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:870649A4 @Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:B0456F0C @Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:F84B8DB5 @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:B6D84F71 @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:8E5EA40F @Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:9BAC4211 @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:A4AF8D0D @Alternate Data Stream - 166 bytes -> C:\ProgramData\TEMP:B54E4B5A @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:98DFF516 @Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:206470A5 @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:C22674B6 @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A7DA2BCD @Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:78E0DF72 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:90D89144 @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4EE323A4 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C2F24DB5 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP31BE97C @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:6EA64886 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:28CDD861 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:13765436 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A76A1B1B @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5CE65446 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F6A0889A @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C8D1C36C @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:A5CD91DF @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:260575F1 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EDC744FB @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E5B07840 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:9C3AAD57 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:737160C1 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:706B1D1A @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:17EB5BAE @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:9CF728A6 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:5CE91C67 GMER GMER Logfile: Code: Alles auswählenAufklappen GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-03 21:50:28 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBFO 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\pxlyafow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B354000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B39D000, 0x510, 0x40000040] .text C:\Windows\system32\drivers\ACEDRV08.sys section is writeable [0x81C08000, 0x328BA, 0xE8000020] .pklstb C:\Windows\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0x81C4C000] .relo2 C:\Windows\system32\drivers\ACEDRV08.sys unknown last section [0x81C68000, 0x8E, 0x42000040] .vmp2 C:\Windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xB011069D] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3208] kernel32.dll!LoadLibraryW 762C93F0 5 Bytes JMP 6CE58460 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3208] kernel32.dll!LoadLibraryA 762C956C 5 Bytes JMP 6CE58360 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ... ---- EOF - GMER 2.1 ---- --- --- --- GMER Logfile: Code: Alles auswählenAufklappen GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-03 21:50:59 Windows 6.0.6002 Service Pack 2 Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\pxlyafow.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ... ---- EOF - GMER 2.1 ---- --- --- --- GMER Logfile: Code: Alles auswählenAufklappen GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-03 21:50:59 Windows 6.0.6002 Service Pack 2 Running: gmer_2.1.19163.exe; Driver: C:\Users\Kiki\AppData\Local\Temp\pxlyafow.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x85 0x98 0xFD ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF8 0x3C 0x3B 0x3E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x40 0x3D 0x47 ... ---- EOF - GMER 2.1 ---- --- --- --- Danke schönen Abend noch. Geändert von Tizzia (Gestern um 22:04 Uhr) Ich hoffe das reicht ich kann nicht ersehen ob mein Rechner infiziert ist, kann mir bitte jemand helfen. MFG Tizzia  |
|
04.07.2013, 08:01
| #2 |
| /// the machine /// TB-Ausbilder    |  Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
04.07.2013, 22:24
| #3 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hochCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Kiki at 2013-07-04 22:52:42
Running from C:\Users\Kiki\Desktop
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Abenteuer Rom - Das Raetsel Der Steine 1.00 (Version: 1.00)
Adobe AIR (Version: 3.7.0.1530)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AIM
Akamai NetSession Interface Service
Allgemeine Runtime Files (x86) (Version: 1.0.3.2)
Amazing Adventures The Lost Tomb Deluxe (HKCU Version: 1.0.0)
Amazon Kindle
Big Fish Games: Game Manager (Version: 2.0.0.28)
calibre (Version: 0.9.37)
Camera RAW Plug-In for EPSON Creativity Suite (Version: 2.3.0.0)
CCleaner (Version: 4.01)
CD/DVD Drive Acoustic Silencer (Version: 2.02.01)
Citrix Authentication Manager (Version: 4.0.0.53726)
Citrix Receiver (DV) (Version: 13.4.0.25)
Citrix Receiver (HDX Flash-Umleitung) (Version: 13.4.0.25)
Citrix Receiver (USB) (Version: 13.4.0.25)
Citrix Receiver (Version: 13.4.0.25)
Citrix Receiver Inside (Version: 3.4.0.29585)
Citrix Receiver Updater (Version: 3.4.0.29577)
Citrix Receiver(Aero) (Version: 13.4.0.25)
com! Update Pack Builder 2008/09 4.1.1
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Cradle of Rome 2
D3DX10 (Version: 15.4.2368.0902)
Desktop SMS (Version: 1.2.0)
Die große Kartenspiele-Box (Version: Die große Kartenspiele-Box)
Die Legende von Atlantis - Perlen aus der Tiefe 1.00 (Version: 1.00)
Die Wiege Ägyptens - Sammleredition
Die Wiege Roms
Dropbox (HKCU Version: 2.0.22)
DVD MovieFactory for TOSHIBA (Version: 5.51)
DVDVideoSoftTB DE Toolbar (Version: 6.9.0.16)
EPSON Stylus SX400 Series Printer Uninstall
Farm Tribe 2 1.00 (Version: 1.00)
Firebird SQL Server - MAGIX Edition (Version: 2.1.26.0)
Flatcast Viewer Plugin 5.2.2.454
Flatcast Viewer Plugin 5.3.0.784
Google Chrome (Version: 27.0.1453.116)
Google Drive (Version: 1.10.4769.632)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.145)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.021)
HTC Sync (Version: 3.2.20)
IncrediMail (Version: 6.2.9.5079)
IncrediMail 2.0 (Version: 6.2.9.5079)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IsoBuster 2.4 (Version: 2.4)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 26 (Version: 6.0.260)
Java(TM) 6 Update 3 (Version: 1.6.0.30)
Java(TM) 6 Update 7 (Version: 1.6.0.70)
Junk Mail filter update (Version: 15.4.3502.0922)
Kingdom Chronicles Sammleredition 1.00 (Version: 1.00)
MAGIX Digital Foto Maker SE 4.1.0.835 (D) (Version: 4.1.0.835)
McAfee Internet Security Suite (Version: 11.6.511)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft XML Parser (Version: 8.20.8730.4)
MKV Player 2.1.3
Mobipocket Creator 4.2 (Version: 4.2.41)
Mozilla Firefox 21.0 (x86 de) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nero BurnLite 10 (Version: 10.0.10500.5.100)
Nero BurnLite 10 (Version: 10.0.10600)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
Nero Update (Version: 1.0.0018)
Online Plug-in (Version: 13.4.0.25)
OpenAL
PC Connectivity Solution (Version: 8.15.0.0)
Picasa 3 (Version: 3.9)
ProtectDisc Driver, Version 11 (Version: 11.0.0.14)
QuickTime (Version: 7.71.80.42)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5559)
Realtek USB 2.0 Card Reader (Version: )
Recuva (Version: 1.45)
Restaurant Rush
Ritter Arthur 3
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
Secure Download Manager (Version: 3.0.3)
Segoe UI (Version: 15.4.2271.0615)
Self-Service Plug-in (Version: 3.4.0.33684)
Shared C Run-time for x86 (Version: 10.0.0)
Skype™ 6.5 (Version: 6.5.158)
Spy Emergency 2008
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
System Requirements Lab
The Cross Formula 1.0.0.0 (Version: 1.0.0.0)
The Keepers 2 - Das Geheimnis des Waechterordens SA 1.00 (Version: 1.00)
TOSHIBA ConfigFree (Version: 7.1.27)
TOSHIBA DVD PLAYER (Version: 1.20.10)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Hardware Setup (Version: 2.00.06)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Supervisor Password (Version: 2.00.03)
TOSHIBA Value Added Package (Version: 1.1.14)
TRDCReminder (Version: 1.00.0014)
TRORDCLauncher (Version: 1.0.0.1)
TuneUp Utilities 2009 (Version: 8.0.3310.3)
UBitMenuDE (Version: 01.04)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Usenet.nl
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Viewpoint Media Player
VLC media player 0.9.2 (Version: 0.9.2)
Winamp (Version: 5.541 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Xvid MPEG-4 Video Codec
Yahoo! Software Update
==================== Restore Points =========================
26-06-2013 15:40:19 Installed Skype™ 6.5
26-06-2013 15:55:48 Gerätetreiber-Paketinstallation: Labtec Bildverarbeitungsgeräte
27-06-2013 03:21:09 Windows Update
27-06-2013 16:24:51 Geplanter Prüfpunkt
28-06-2013 09:09:52 Windows Update
29-06-2013 04:43:37 Windows Update
30-06-2013 01:00:13 Windows Update
30-06-2013 19:17:39 Installed calibre
01-07-2013 08:59:46 Windows Update
02-07-2013 05:19:48 Windows Update
03-07-2013 07:05:53 Windows Update
04-07-2013 05:48:31 Windows Update
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0483A651-68B2-4E6B-9EB7-58F046D439C2} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F99D9A1-80EC-419E-95B7-CF560914D62C} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {65563925-9F89-4155-9CEA-42558213F6E1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {67F8F44B-3011-475E-9F6B-6A5AE07D75F9} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16] (TuneUp Software GmbH)
Task: {6CE41F12-FE70-4F74-A086-557320931466} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {8EFADE76-1744-44C0-9A4E-820F77E99A59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-16] (Google Inc.)
Task: {A37A8694-A4C3-42EA-B275-4E370D91C83B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {A975B6DE-204D-4E50-86E2-1C171534ACC3} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kiki => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {B5C8B94A-97A7-482E-9D1B-D50C001D7E46} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {CF99269A-AFEF-45B1-BB75-776E172B9E1A} - System32\Tasks\BFGLaunch_bfgprocess => C:\Program Files\bfgclient\bfgprocess.exe [2010-11-10] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E6C05CD9-9502-4A8A-8E26-9D3A2330F3CB} - System32\Tasks\BFGLaunch_bfgclient => C:\Program Files\bfgclient\bfgclient.exe [2010-11-10] ()
Task: {F35A771F-CE53-477B-84D4-CF15C5C5E285} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {F65CBCCF-C7F6-4669-88AF-89FA49A3CD4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-16] (Google Inc.)
Task: {FCAFA005-E302-4169-A14E-A00E79528E3E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/04/2013 07:49:47 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten.
Error: (07/04/2013 07:49:40 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren.
Error: (07/03/2013 09:15:38 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, fehlerhaftes Modul gmer_2.1.19163.exe, Version 2.1.19163.0, Zeitstempel 0x515d31f0, Ausnahmecode 0xc0000005, Fehleroffset 0x00012288,
Prozess-ID 0x1458, Anwendungsstartzeit gmer_2.1.19163.exe0.
Error: (07/03/2013 09:01:49 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (07/03/2013 08:24:00 PM) (Source: Application Hang) (User: )
Description: Programm SpyEmergency.exe, Version 5.0.605.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 12d4
Anfangszeit: 01ce781876861b58
Zeitpunkt der Beendigung: 16
Error: (07/03/2013 09:07:13 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten.
Error: (07/03/2013 09:07:06 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren.
Error: (07/02/2013 07:21:07 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log enthalten.
Error: (07/02/2013 07:20:58 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Produkt: Microsoft .NET Framework 1.1 -- Fehler 1706.Für das Produkt "Microsoft .NET Framework 1.1" wurde kein gültiger Quellcode gefunden. Windows Installer kann nicht fortfahren.
Error: (07/01/2013 04:53:04 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung htcUPCTLoader.exe, Version 1.0.2.34, Zeitstempel 0x4f8cde22, fehlerhaftes Modul HtcDetect.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4f8cccb6, Ausnahmecode 0xc0000005, Fehleroffset 0x02d82f2e,
Prozess-ID 0xf04, Anwendungsstartzeit htcUPCTLoader.exe0.
System errors:
=============
Error: (07/04/2013 07:51:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202
Error: (07/03/2013 07:49:19 PM) (Source: Service Control Manager) (User: )
Description: Spy Emergency Engine Service%%1053
Error: (07/03/2013 07:49:19 PM) (Source: Service Control Manager) (User: )
Description: 30000Spy Emergency Engine Service
Error: (07/03/2013 09:09:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202
Error: (07/02/2013 07:22:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202
Error: (07/01/2013 10:36:13 PM) (Source: Service Control Manager) (User: )
Description: 30000Akamai
Error: (07/01/2013 11:05:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202
Error: (06/30/2013 03:03:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202
Error: (06/29/2013 10:42:13 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (06/29/2013 06:47:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: 0x80070643Sicherheitsupdate für Microsoft .NET Framework 1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597){80914F48-FE80-479C-86DB-DBA893EF9397}202
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-03-10 12:47:00.907
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-03-10 12:47:00.656
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-01 09:39:01.484
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-02-01 09:39:00.901
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-28 19:08:09.918
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-28 19:08:09.687
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-12 13:27:21.315
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-12 13:27:21.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\igdumd32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-12 13:27:20.929
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\IDM\Desktop SMS\oehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-10-12 13:27:20.736
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\IDM\Desktop SMS\oehook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3061.22 MB
Available physical RAM: 1919.77 MB
Total Pagefile: 6326.73 MB
Available Pagefile: 4629.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.91 MB
==================== Drives ================================
Drive c: (Kiki-1) (Fixed) (Total:116.37 GB) (Free:16.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Kiki-2) (Fixed) (Total:115.05 GB) (Free:1.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: B4ECF4B8)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 04-07-2013 22:50:16
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(NETGATE Technologies s.r.o.) C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
HKLM SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304564
HKCU SearchScopes: DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109868&tt=050412_30b&babsrc=SP_ss&mntrId=bc13d0e4000000000000001f3cb8cb39
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=109868&tt=050412_30b&babsrc=SP_ss&mntrId=bc13d0e4000000000000001f3cb8cb39
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {AED1B68C-71DD-456A-ADB9-FB10DFDDE206} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
SearchScopes: HKCU - {CD10120B-C165-4f8d-8C74-639629E238FF} URL = hxxp://mystart.magentic.com/?search={searchTerms}&loc=search_box
SearchScopes: HKCU - {E08A9998-D98F-476f-8F5C-37C80FE0A4DA} URL = hxxp://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
BHO: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130421192142.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKCU -No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU -DVDVideoSoftTB DE Toolbar - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default
FF user.js: detected! => C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: hxxp://search.babylon.com/?babsrc=HP_Prot
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\SweetIM Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Conduit Engine - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\engine@conduit.com
FF Extension: Cooliris - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\piclens@cooliris.com
FF Extension: DVDVideoSoftTB DE - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SweetIM Toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
FF Extension: adblockpopups - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\toolbar@gmx.net.xpi
FF Extension: wisestamp - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\wisestamp@wisestamp.com.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={A9249580-4308-11DE-AEAA-001E3368F9BD}
CHR RestoreOnStartup: "hxxp://home.sweetim.com/?crg=3.02010003&st=12&barid={A9249580-4308-11DE-AEAA-001E3368F9BD}", "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.0.147) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 7) - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Flatcast Viewer Plugin 5.2.2.454) - C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll (1 mal 1 Software GmbH)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [222456 2008-06-10] ()
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyEmrgSrv; C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe [727608 2009-01-19] (NETGATE Technologies s.r.o.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe /service [x]
==================== Drivers (Whitelisted) ====================
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [12344 2008-02-05] (NETGATE Technologies s.r.o.)
R3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [15288 2008-08-11] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [14392 2008-02-05] (NETGATE Technologies s.r.o.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-04 20:48 - 00043870 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-07-01 13:33 - 2013-07-01 13:33 - 00000000 ____D C:\Users\Kiki\AppData\Local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:15 - 2013-06-29 12:15 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\acccore
2013-06-29 12:12 - 2013-06-29 12:12 - 00001802 ____A C:\Users\Public\Desktop\AOL Instant Messenger.lnk
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Users\Kiki\AppData\Local\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\Viewpoint
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Program Files\Viewpoint
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:11 - 2013-06-29 12:12 - 00000000 ____D C:\Program Files\AIM6
2013-06-29 12:11 - 2013-06-29 12:11 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 08:14 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
2013-06-05 10:54 - 2013-06-05 10:55 - 00343931 ____A C:\Users\Kiki\Documents\Thomas Reichelt.xps
2013-06-04 22:46 - 2013-06-04 22:46 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543 (1).dlc
2013-06-04 22:44 - 2013-06-04 22:44 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543.dlc
2013-06-04 17:01 - 2013-06-04 17:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}
==================== One Month Modified Files and Folders ========
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 22:47 - 2013-07-03 19:52 - 00043870 ____A C:\Windows\WindowsUpdate.log
2013-07-04 22:41 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 22:41 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 22:29 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 22:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-04 21:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-04 21:05 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-04 20:53 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-04 20:43 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-04 20:41 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 20:41 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-04 20:41 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 09:01 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:11 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 14:10 - 2008-10-06 12:04 - 00116736 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-07-01 13:33 - 2013-07-01 13:33 - 00000000 ____D C:\Users\Kiki\AppData\Local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
2013-07-01 11:04 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 19:47 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-06-29 19:38 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-06-29 12:15 - 2013-06-29 12:15 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\acccore
2013-06-29 12:12 - 2013-06-29 12:12 - 00001802 ____A C:\Users\Public\Desktop\AOL Instant Messenger.lnk
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Users\Kiki\AppData\Local\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\Viewpoint
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\Program Files\Viewpoint
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:12 - 2013-06-29 12:11 - 00000000 ____D C:\Program Files\AIM6
2013-06-29 12:11 - 2013-06-29 12:11 - 00000000 ____D C:\Program Files\Common Files\AOL
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-27 00:06 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:41 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 18:51 - 2012-12-30 13:13 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000AAaa000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 10:29 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-09 08:14 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm ATribe 2
2013-06-05 10:55 - 2013-06-05 10:54 - 00343931 ____A C:\Users\Kiki\Documents\Thomas Reichelt.xps
2013-06-04 22:46 - 2013-06-04 22:46 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543 (1).dlc
2013-06-04 22:44 - 2013-06-04 22:44 - 00004868 ____A C:\Users\Kiki\Downloads\6302faa856850680ddca153884302543.dlc
2013-06-04 17:01 - 2013-06-04 17:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}
2013-06-04 10:59 - 2013-05-26 18:19 - 00000000 ____D C:\Users\Kiki\Desktop\Erika
Files to move or delete:
====================
C:\ProgramData\go_0molg.pad
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-04 20:49
==================== End Of Log ============================
Dann hoffe ich mal das ich alles richtig gemacht lg Tizzia  |
|
05.07.2013, 09:08
| #4 | |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hochCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.07.2013, 19:19
| #5 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Guten Abend ... leider läuft dieses Combofix bei mir nicht bekomme die Meldung..... Wiederherrstellungspunkt wird erstellt scannt ihren Rechner und dann kommt SYNTAXFEHLER....innerhalb von Sekunden... lg Tizzia: Balla: : Killpc: |
|
06.07.2013, 08:42
| #6 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Komisch Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ --> Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch |
|
06.07.2013, 11:06
| #7 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Dies war der erste Streich..... Code:
ATTFilter # AdwCleaner v2.304 - Datei am 06/07/2013 um 11:53:18 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Kiki - SOULFRIENDS1
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kiki\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : ICQ Service
Gestoppt & Gelöscht : RelevantKnowledge
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\searchplugins\SweetIM Search.xml
Datei Gelöscht : C:\Windows\system32\roboot.exe
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Program Files\Free Ride Games
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\iWin
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\Kiki\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Kiki\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\GamingWonderland
Ordner Gelöscht : C:\Users\Kiki\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Conduit
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\ConduitEngine
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\CT2625848
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Smartbar
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\SweetIMToolbarData
Ordner Gelöscht : C:\Users\Kiki\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
|
|
06.07.2013, 11:11
| #8 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch wenn du durch bist bitte COmbofix löschen und neu laden, laufen lassen. Das Problem wurde behoben 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.07.2013, 11:21
| #9 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Nach dem FRST lasse ich den Combofix laufen... Erstmal vielen lieben Dank für Deine Hilfe... Dies ist der zweite Teil... Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Kiki on 06.07.2013 at 12:14:01,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AED1B68C-71DD-456A-ADB9-FB10DFDDE206}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Kiki\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Kiki\AppData\Roaming\systweak"
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{051EC767-4C64-4880-BECB-9C9BD12BA00A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{070D9F1D-0384-4336-83F0-3794BB9ECDFA}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0911463D-D311-4908-995D-DCA93DFA5034}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0BD44A45-A9B3-4C6F-8AC7-34EECCD0ED3B}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0CC8F6A7-E1BF-4AB8-910E-DDA9702E083F}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{0D04EECA-FBEA-45F0-A341-BE2AB2878A15}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{12EFCD2C-DD10-4913-9F05-FDB866C630D7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{169B3A13-F8B6-4BD9-A717-2C5179B1CACD}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{1EA8CAC1-50B5-457E-9C7B-28185797F0B8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{2279403B-68C9-4A97-A4AD-995BCD61F4F8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{278AD1BA-70C9-4FDF-84DE-B6E755C0C821}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{2EE2B46D-A658-4057-B90B-DBEB85360279}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{341BE17F-E2E9-4B7A-90BB-79232782E51C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{375EC84D-986E-40A5-8CC5-C0EC18C26F65}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{387318EC-C50E-4E53-90EF-F7156322D9B4}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{3DFA490A-7544-4B4E-A432-330BCAE0F65E}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4036AF6F-E662-43A2-A9D4-C324D1B77372}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{45C67710-5B4E-438C-86AB-510B74F31840}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4678BDFC-6B97-43E1-A9AB-39146C1323AF}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4833E803-25C5-4B7A-A564-EC38A1608CCA}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{49647C14-DA28-4B8F-B547-CD4D11231D7C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{49D31BFD-DB6E-4D36-83BF-E206C265FFF7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4B21805B-A3B6-4D60-8F85-79DE912BB5BF}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{4F66DB52-641D-46C6-9C78-38802086DE7D}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{5129303A-D694-4622-93F3-2C02BEC885FE}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{5513BFBD-678B-4DF8-96EA-7EB2F79BF3BA}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{5637CBB0-BC05-439E-9533-635D19E9CF45}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{616E8CAC-78B0-4960-A566-F36CFE6F6AE8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{66A604BA-6E4C-4E68-882F-8F0164C17A41}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{66AF18C5-76A7-4175-9FF2-6F8C8BC3C980}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{687994B0-B37E-4D59-A341-5E3E5E072272}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{6A4BB70E-DBCA-4C6F-A665-1110892DAB05}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{7102D115-E357-4DD4-9C3C-06510CAB86B9}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{76920DA1-46A1-417F-A9D4-2BA8773ED2AC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{7BEFBA49-5F79-4BDB-A0DB-F876139D8B38}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{7E4E8E38-C6A6-4971-A82A-55A5690A8080}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8265FCE6-818B-4E18-9777-7547C79BBA14}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8499B857-E8BC-47AE-81AF-92621F0ABDB7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8B13C37C-3A3C-4088-B845-FBFCED6E2ECE}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8CDDFF03-E3DF-498C-B3CE-818B6E267E34}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{8F67FC18-C73A-44DF-81C1-0D023C9230DF}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{9084532B-9A9E-4CA8-B092-E174B596486C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{92668636-8B59-42BB-A324-B9E930EE4897}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{92B182E5-C85E-42B6-85D2-8B26BFC493F3}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{952006AD-55C0-4A10-B964-0755C67B32F3}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{965C1382-60B5-4C94-AC2D-E10A42B319CB}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{96881EE9-A801-4AE7-A4E3-E10B026EF8AC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{A02D1600-4594-4BEB-8128-042BD7790173}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{A2F59890-3BEE-40A0-B4C3-C3B01637D6E0}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{A57BF59E-2E4A-47CC-A3D1-5C12FD3D8329}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{ABA02DEA-025F-4772-B137-ABEAB12AB415}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{ACABBE11-CCA7-4961-A97A-A95E43AF8D3A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{AF755D45-ACF3-4517-B80C-8C89A1665F27}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{B3A07C95-7508-4FA4-BD68-0D881BBE6300}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{B85C452C-F566-49FB-9365-A4C2DD5054F6}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{BADC35DB-0493-4826-9CA7-A5E523003E52}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{BDD5D12A-923A-49F6-AD65-B0CE1049BCDC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{BE36D1E2-179C-43CE-B2F5-7AEEA346163A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{C7327C0A-62A7-49B6-8AE8-134DBA58F6A9}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{C9E7FE6E-38AC-41A4-B98D-94B97CF15F4E}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{CC17AA42-0933-4A1F-BCC5-4DFD55DB48B8}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{CFEC65A1-5F0F-419F-8BC1-7D5CA81B59E4}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{D31C7DE5-8C26-48AA-98EB-97DDCA0C6296}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{D82FC686-2B70-47C6-9FF7-05E5F20BB442}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DD82CB5E-7B36-4E04-ADAE-721AC981153C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DDAA7F84-66BF-4691-9638-8E3D5F832B74}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DE17851E-BD46-4558-81A4-D9EEE51E7423}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{DEBA5BA6-B177-41A7-B070-199B58E7360C}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{E0BCBB0D-3041-4A41-9B62-74F240B3C9B2}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{E71805B8-53F8-46AE-A81F-72E372670FCC}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EB7447EE-75B8-4B5D-BE7C-435A3993793F}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EBDF99AA-3337-403E-8C4B-880D26229EF7}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EDE08880-D303-4CA2-A43B-32F1C1CB7A47}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EED5AD63-27B0-4BD5-8F79-128C9130204F}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{EF1125AC-0E62-4DE2-9791-E6E363694028}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F038FA52-3BBE-4EA7-AFD8-313788624947}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F20BE923-9EF7-4286-8C93-DF09103D3E69}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F2B10082-1B1C-4279-8E6C-32BE919A1A91}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{F8B30230-69C9-4F9F-A141-F5544026140A}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{FA268A60-E33A-4AC1-A15B-C266205B1DF0}
Successfully deleted: [Empty Folder] C:\Users\Kiki\appdata\local\{FBC8D14B-741B-4186-9711-0B50C8810791}
~~~ FireFox
Emptied folder: C:\Users\Kiki\AppData\Roaming\mozilla\firefox\profiles\0ocgl157.default\minidumps [47 files]
~~~ Event Viewer Logs were cleared
|
|
06.07.2013, 11:22
| #10 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.07.2013, 11:31
| #11 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hochFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 06-07-2013 12:28:30
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(NETGATE Technologies s.r.o.) C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Cooliris - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\piclens@cooliris.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SweetIM Toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
FF Extension: adblockpopups - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\toolbar@gmx.net.xpi
FF Extension: wisestamp - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\wisestamp@wisestamp.com.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyEmrgSrv; C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe [727608 2009-01-19] (NETGATE Technologies s.r.o.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [12344 2008-02-05] (NETGATE Technologies s.r.o.)
R3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [15288 2008-08-11] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [14392 2008-02-05] (NETGATE Technologies s.r.o.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-05 21:28 - 2013-07-06 11:55 - 00005672 ____A C:\Windows\PFRO.log
2013-07-05 20:04 - 2013-07-05 20:05 - 00000000 ___SD C:\ComboFix
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 19:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 19:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 19:42 - 2013-07-05 20:04 - 00000000 ___SD C:\32788R22FWJFW
2013-07-04 22:52 - 2013-07-04 23:17 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-06 12:18 - 00162876 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:12 - 2013-07-06 08:38 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 08:14 - 2013-07-06 12:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
==================== One Month Modified Files and Folders ========
2013-07-06 12:29 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 12:22 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-06 12:18 - 2013-07-03 19:52 - 00162876 ____A C:\Windows\WindowsUpdate.log
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 12:08 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-06 12:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-06 11:59 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-06 11:57 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-07-06 11:56 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-06 11:55 - 2013-07-05 21:28 - 00005672 ____A C:\Windows\PFRO.log
2013-07-06 11:55 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 11:55 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-06 11:55 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:54 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-06 08:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 08:38 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-07-05 20:05 - 2013-07-05 20:04 - 00000000 ___SD C:\ComboFix
2013-07-05 20:04 - 2013-07-05 19:42 - 00000000 ___SD C:\32788R22FWJFW
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:41 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-05 17:17 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 17:16 - 2008-10-06 12:04 - 00123904 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-04 23:17 - 2013-07-04 22:52 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 19:47 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-06-29 19:38 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:41 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 18:51 - 2012-12-30 13:13 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 10:29 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
Files to move or delete:
====================
C:\ProgramData\go_0molg.pad
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-06 12:04
==================== End Of Log ============================
|
|
06.07.2013, 11:37
| #12 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Dann jetzt Combofix.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.07.2013, 11:57
| #13 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 06-07-2013 12:56:29
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(NETGATE Technologies s.r.o.) C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\OIS.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Cooliris - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\piclens@cooliris.com
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\staged
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: SweetIM Toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{694b57c6-ad53-4442-8290-c5539e368aac}
FF Extension: adblockpopups - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: toolbar - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\toolbar@gmx.net.xpi
FF Extension: wisestamp - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\wisestamp@wisestamp.com.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\0ocgl157.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyEmrgSrv; C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe [727608 2009-01-19] (NETGATE Technologies s.r.o.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [12344 2008-02-05] (NETGATE Technologies s.r.o.)
R3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [15288 2008-08-11] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [14392 2008-02-05] (NETGATE Technologies s.r.o.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-06 12:35 - 2013-07-06 12:36 - 00000000 ___SD C:\ComboFix
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-05 21:28 - 2013-07-06 11:55 - 00005672 ____A C:\Windows\PFRO.log
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 19:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 19:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 19:42 - 2013-07-06 12:35 - 00000000 ___SD C:\32788R22FWJFW
2013-07-04 22:52 - 2013-07-04 23:17 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-06 12:56 - 00185530 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:12 - 2013-07-06 08:38 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 08:14 - 2013-07-06 12:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
==================== One Month Modified Files and Folders ========
2013-07-06 12:56 - 2013-07-03 19:52 - 00185530 ____A C:\Windows\WindowsUpdate.log
2013-07-06 12:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 12:36 - 2013-07-06 12:35 - 00000000 ___SD C:\ComboFix
2013-07-06 12:35 - 2013-07-05 19:42 - 00000000 ___SD C:\32788R22FWJFW
2013-07-06 12:29 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 12:22 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 12:08 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-06 12:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-06 11:59 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-06 11:57 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-07-06 11:56 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-06 11:55 - 2013-07-05 21:28 - 00005672 ____A C:\Windows\PFRO.log
2013-07-06 11:55 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 11:55 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-06 11:55 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:55 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 11:54 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-06 08:38 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-07-05 20:01 - 2013-07-05 20:01 - 05085843 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:41 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-05 17:17 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 17:16 - 2008-10-06 12:04 - 00123904 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-04 23:17 - 2013-07-04 22:52 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 19:47 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-06-29 19:38 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:41 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 18:51 - 2012-12-30 13:13 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 10:29 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
Files to move or delete:
====================
C:\ProgramData\go_0molg.pad
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-06 12:04
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Hallo, wie vorher läuft der Combofix wohl nicht richtig bei mir, bekomme wieder die Meldung SYNTAXFEHLER.... ich habe den FRST jetzt noch mal nach dem Versuch mit Combofix laufen lassen... einen lieben Gruß Tizzia Hallo nochmal, hinzu kommt jetzt Fehlermeldung beim Neustart Anwendungsinitialisierung 0X 800 106 b a. Der Dienst dieses Programmes wurde aufgrund eines Problems angehalten. Führen sie zum Start des Dienstes einen Neustart des Computers aus oder suchen Sie Hilfe unter Support und Hilfe, Informationen zum manuellen Start eines Dienstes ... sorry aber ich Glaube mein Rechner spinnt... Google kann ich als Browser nicht mehr benutzen gehe im Moment über FireFox rein... lg Tizzia Hallo schrauber, jetzt kann ich über Firefox auch nicht mehr online... wenn ich nach Facebook zum Beispiel gehe läuft nichts... Aber ich habe ja den Internetexplorer noch...damit funktioniert es ... plöder Rechner ... ja ich weis es liegt immer an dem der dran sitzt.... also plöder Nutzer***g** lg Tizzia |
|
06.07.2013, 14:52
| #14 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Hi, immer langsam. Firefox komplett zurücksetzen. Setze folgendermassen den Internet Explorer zurück:
Hast Du Combofix gelöscht und eine neue Version geladen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.07.2013, 15:05
| #15 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Erledigt und lade Combofix neu....Danke.. lg Tizzia Hi, habe Combofix erneut geladen.....nun komme ich schon mal bis Files 40 und dann geht nichts mehr, habe jetzt ca 60 Minuten gewartet ob sich was tut, ausser das der Rechner sich aufhängt wenn ich die Maus bewege geschieht nichts....und Logfiles ....gibt es nicht.... Habe meinem Rechner jetzt die Füsse weggezogen und neu gestartet.....er läuft... Noch eine Idee ?? lg Tizzia |
|
| Themen zu Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch |
| adobe, adobe flash player, akamai, autorun, bho, defender, ebay, error, explorer, firefox, flash player, format, freeze, gmx.net, home, infiziert, logfile, mindspark, mindspark toolbar, mozilla, plug-in, programme, realtek, registry, safer networking, scan, search the web, senden, software, temp, thomas, vista |
Linear-Darstellung
