Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Firefox öffnet websites wie serve.bannersdontwork

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.08.2013, 10:04   #1
Takezo64
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Hi!
Ich hab schon diverse Scans durchgeführt, trotzdem öffnet sich von Zeit zu Zeit eine solche Seite. Ein Protokoll mit OLT hab ich erstellt. Siehe hier:

OTL logfile created on: 09.08.2013 09:37:32 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 48,14% Memory free
7,99 Gb Paging File | 5,60 Gb Available in Paging File | 70,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 317,44 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive D: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 931,51 Gb Total Space | 650,80 Gb Free Space | 69,86% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 1,42 Gb Free Space | 19,02% Space Free | Partition Type: FAT32

Computer Name: TAKEZO-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\takezo\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe ()
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\softLCP.exe (EnTech Taiwan)
PRC - C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NalServ) -- C:\Windows\SysWOW64\nalserv.exe (Nalpeiron Ltd.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Kilgray: memoQ update permissions manager. 2595325.) -- C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (softOSD) -- C:\Program Files (x86)\softOSD\softOSD.exe (EnTech Taiwan)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe (SiSoftware)
SRV - (NewServiceInstall1) -- C:\Program Files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (se64a) -- C:\Windows\SysNative\drivers\se64a.sys (EnTech Taiwan)
DRV:64bit: - (BTWUSB) -- C:\Windows\SysNative\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (se64a) -- C:\Windows\SysWOW64\drivers\se64a.sys (EnTech Taiwan)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 62 97 C7 B8 51 CB 01 [binary data]
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\SearchScopes\{DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..browser.search.defaultenginename: "GMX Suche"
FF - prefs.js..browser.search.selectedEngine: "GMX Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: dictionary-switcher%40design-noir.de:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.6.4
FF - prefs.js..extensions.enabledAddons: adonis.cuhk%40gmail.com:1.8.6
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.08.08 00:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013.08.08 00:25:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.22 10:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.25 23:23:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions
[2012.04.14 07:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles
[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions
[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.14 07:18:22 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\takezo\AppData\Roaming\mozilla\Extensions\Profiles\u9qpwlm1.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.08.09 09:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions
[2013.05.16 08:58:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.04.14 07:45:36 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\takezo\AppData\Roaming\mozilla\Firefox\Profiles\4hb2tzne.default\extensions\dictionary-switcher@design-noir.de
[2012.02.08 07:46:27 | 000,113,603 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\nosquint@urandom.ca.xpi
[2012.04.14 06:41:31 | 000,576,962 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\toolbar@web.de.xpi
[2011.09.16 10:45:49 | 000,688,336 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}.xpi
[2011.08.03 08:26:41 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2012.04.04 06:42:15 | 000,520,884 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.01.06 12:08:49 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.24 07:39:53 | 000,686,225 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2011.08.03 08:26:41 | 000,010,606 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\extensions\Profiles\u9qpwlm1.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}.xpi
[2013.07.23 08:37:44 | 000,005,313 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\adonis.cuhk@gmail.com.xpi
[2013.04.28 00:21:39 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\personas@christopher.beard.xpi
[2013.07.18 09:56:26 | 000,572,343 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\toolbar@gmx.net.xpi
[2012.04.14 07:45:36 | 000,164,858 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
[2013.08.08 10:07:34 | 000,534,178 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.07.31 17:10:54 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.18 09:56:49 | 000,002,418 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\englische-ergebnisse.xml
[2013.07.18 09:56:48 | 000,010,701 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\gmx-suche.xml
[2013.07.18 09:56:49 | 000,002,432 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\lastminute.xml
[2013.07.18 09:56:48 | 000,005,682 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\webde-suche.xml
[2013.08.07 19:24:12 | 000,002,112 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\mozilla\firefox\profiles\4hb2tzne.default\searchplugins\wot-safe-search.xml
[2013.08.08 10:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.08.08 10:16:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.22 10:27:24 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: AdBlock = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: vshare plugin = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Anti-Banner = C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013.08.08 17:29:55 | 000,434,097 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14938 more lines...
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKU\S-1-5-21-3910134369-2734785477-1122838081-1001..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A7298A0-86C5-42B2-8D33-EEC3FF16E7A7}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A06C56FD-272D-4340-BD27-4A9245B13AA5}: NameServer = 88.214.182.2 88.214.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011.04.05 20:46:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.10.26 17:57:29 | 000,000,000 | ---D | M] - E:\Auto -- [ NTFS ]
O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{6d46aea9-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{6d46aeaf-bbdc-11df-b0c2-00241ddcc840}\Shell\AutoRun\command - "" = E:\StartVMCLite.exe
O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{90c94552-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell - "" = AutoRun
O33 - MountPoints2\{90c94561-a630-11e1-aadf-00241ddcc840}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.08.09 08:58:12 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.08.09 08:58:11 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.08.09 08:58:11 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.08.09 08:58:10 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.08.09 08:58:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.08.09 08:58:10 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.08.09 08:58:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.08.08 22:02:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B4472934-13D3-490F-91F3-06BB06ED576E}
[2013.08.08 16:15:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Roaming\SUPERAntiSpyware.com
[2013.08.08 16:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.08.08 16:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.08.08 16:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.08.08 16:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.08.08 10:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.08.08 10:02:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B4FC0667-962A-4208-84A5-F969CA49C1D8}
[2013.08.07 19:20:46 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{80B10441-B6FA-4566-AAE0-B91591358283}
[2013.08.07 07:20:26 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{15256F9F-AA5D-4409-80FE-FAFE416012C4}
[2013.08.06 10:04:28 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{753CE5F7-B7BB-4BE3-ABCA-5810661B1B63}
[2013.08.05 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C96F3D48-CD33-4EAD-8BB9-ADFE5CE19EE7}
[2013.08.05 08:43:38 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3316DACA-120C-4C60-A805-78F6DDC17B1B}
[2013.08.04 13:51:37 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{2B98E0EC-AE07-4F57-AAFB-BFDFF4D0B435}
[2013.08.03 14:19:56 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{702DE7EC-33A5-4340-A349-9BAA4B66F168}
[2013.08.02 21:41:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{DB2ABF03-E7AA-4713-997C-19A058F8DE17}
[2013.08.02 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D78F6223-3E61-42C9-8262-747CC29990DB}
[2013.08.01 11:50:36 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{0CE53AC1-4632-43F1-8C3F-8A79F1944EF7}
[2013.08.01 07:03:00 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Roaming\MetaCrawler
[2013.07.31 22:01:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{BC655F9A-7C8B-4BE4-9BF9-0753EC7926D2}
[2013.07.31 10:01:45 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A434F258-ADB5-45CA-9641-15AB2F534960}
[2013.07.30 22:01:20 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{78E96EFD-AA06-4F84-8716-B4970447AAAB}
[2013.07.30 10:01:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{915ED91F-3C6F-4BFA-AD76-4BE379F0E6A1}
[2013.07.29 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3A0FD282-7EE7-4A83-B7DF-D23F6EB7AB46}
[2013.07.29 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A91693D0-1F5B-4B67-A164-F3EF476CA29B}
[2013.07.28 21:59:52 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C3E3AE9F-B42B-4E3D-93D7-EDA3458D8771}
[2013.07.28 20:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.07.28 09:59:38 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{5F2DB6EC-8B50-4D10-8195-AB96F465E19A}
[2013.07.27 13:33:54 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{771758E0-2897-4EFD-8F1E-EFF870D9D211}
[2013.07.26 09:27:07 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{9862934A-D660-486A-9AD4-E5DC4EF1D0A3}
[2013.07.26 09:26:30 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{D0F2F727-BB05-4630-AD74-1B5838C11FD5}
[2013.07.25 12:58:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{B6622161-2887-4AF7-A08E-C099AAD8B386}
[2013.07.25 00:58:18 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{7E0248D8-B267-4199-A5B3-48438C3C0CE6}
[2013.07.24 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4DAA4C14-7CB8-47C2-BFF7-CEA75A1E9576}
[2013.07.24 00:16:00 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{FA8199A9-F51C-4EBE-9E90-5F2894300926}
[2013.07.23 12:15:48 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{07B02DF8-6DF0-4159-B951-1FACFD861575}
[2013.07.23 09:16:26 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013.07.23 09:16:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2013.07.23 00:15:23 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1968273A-1E71-4773-8B0A-655852490E8B}
[2013.07.22 10:52:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C1783379-5ECE-482A-A27F-939A3F1D88BA}
[2013.07.21 22:51:43 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{EB4DD1AD-53FA-458C-BA58-A17D9EFABA16}
[2013.07.21 10:51:30 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A8BAFF9F-4467-497E-866F-0697B8461900}
[2013.07.20 20:35:31 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4047B6F4-467F-4CA3-8D69-419F1D5D52D6}
[2013.07.20 08:35:15 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{CAF4FAC6-BDEF-4C17-BDB2-28D85A5DEDD4}
[2013.07.20 03:12:14 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{8BC176AE-5FC4-439A-8DB0-D0DAC7AFB287}
[2013.07.19 10:38:56 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{EF957BD3-3E1E-4BE2-9558-AEF51468B312}
[2013.07.18 21:57:54 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{221F18A9-D8E8-4555-BAC0-5454382F59FF}
[2013.07.18 09:57:29 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{BEC545B7-31A3-4F9E-A524-01075452EA63}
[2013.07.17 10:35:23 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{3A0E7070-568D-408F-AB57-6A8DF290E9E8}
[2013.07.16 22:34:58 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1F238BD8-DD1A-4E20-8572-A5AA6785B032}
[2013.07.16 10:34:45 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{512E2FAC-01D5-40B1-8C2B-CA5A440055BB}
[2013.07.15 22:34:20 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{50300C40-099F-4A93-8F1A-6B713346E17D}
[2013.07.15 10:34:08 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{72F24E69-7274-44AC-B6D1-DB51CC4FA509}
[2013.07.14 22:33:40 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{C93652CE-9C6E-4E29-9090-F111BB5614F0}
[2013.07.14 10:33:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{90E4324A-44FA-498E-9114-659752AABAEC}
[2013.07.13 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{8FEC541E-DEE4-4999-A914-97A2C7D30019}
[2013.07.12 11:25:04 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{A67F1388-1546-4569-812F-3B3970480D48}
[2013.07.11 23:24:39 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{4BD2E493-8A72-4B9D-BEEC-B1054C40F63E}
[2013.07.11 11:38:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.11 11:24:24 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{CFD5D1DB-54FF-433F-9897-2BA6948FEAC1}
[2013.07.10 21:24:27 | 000,000,000 | ---D | C] -- C:\Users\takezo\AppData\Local\{1D8CBD9C-1A76-40EC-83C7-86C6DB2B5155}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.09 09:41:54 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.08.09 09:41:53 | 000,026,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.08.09 09:34:02 | 000,001,012 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.09 09:33:21 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.09 09:33:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.08.09 09:32:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.08.09 09:32:46 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2013.08.09 08:15:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ba866b71-bdda-4184-82e3-b3748317208d.job
[2013.08.09 07:23:33 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7366237a-26ec-4017-82e2-3493923e3d4b.job
[2013.08.09 00:56:00 | 002,404,642 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.08.09 00:56:00 | 002,365,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.08.09 00:56:00 | 001,745,140 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.08.09 00:56:00 | 001,716,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.08.09 00:56:00 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.08.08 17:29:55 | 000,434,097 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.08.08 17:14:37 | 000,434,097 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130808-172955.backup
[2013.08.08 16:14:54 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.08.08 10:16:58 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.08 01:58:31 | 000,002,068 | ---- | M] () -- C:\Users\takezo\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.08.08 01:58:31 | 000,001,997 | ---- | M] () -- C:\Users\takezo\Desktop\Avira DE-Cleaner.lnk
[2013.08.07 10:58:18 | 000,046,916 | ---- | M] () -- C:\Users\takezo\Desktop\re_oxyval_21.12.2012.pdf
[2013.08.01 08:00:18 | 000,000,128 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\Sandra.ldb
[2013.08.01 06:46:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.08.01 06:46:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.07.31 22:35:49 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.07.31 17:13:58 | 009,711,129 | ---- | M] () -- C:\Users\takezo\Desktop\RTNL 6_en.pdf
[2013.07.28 20:35:53 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.07.23 09:16:30 | 000,001,139 | ---- | M] () -- C:\Users\takezo\Desktop\System Checkup.lnk
[2013.07.23 09:16:26 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2013.07.16 17:25:39 | 000,001,138 | ---- | M] () -- C:\Users\takezo\Desktop\12July - Verknüpfung.lnk
[2013.07.10 14:07:47 | 004,975,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.08 16:15:20 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ba866b71-bdda-4184-82e3-b3748317208d.job
[2013.08.08 16:15:18 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7366237a-26ec-4017-82e2-3493923e3d4b.job
[2013.08.08 16:14:54 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.08.08 15:00:33 | 000,001,409 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.08.08 12:42:34 | 000,046,916 | ---- | C] () -- C:\Users\takezo\Desktop\re_oxyval_21.12.2012.pdf
[2013.08.08 10:16:58 | 000,001,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.08.08 10:16:58 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.08.08 00:34:09 | 000,002,068 | ---- | C] () -- C:\Users\takezo\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013.08.08 00:34:09 | 000,001,997 | ---- | C] () -- C:\Users\takezo\Desktop\Avira DE-Cleaner.lnk
[2013.08.04 14:06:34 | 009,711,129 | ---- | C] () -- C:\Users\takezo\Desktop\RTNL 6_en.pdf
[2013.08.01 08:00:17 | 000,000,128 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.ldb
[2013.07.23 09:16:30 | 000,001,139 | ---- | C] () -- C:\Users\takezo\Desktop\System Checkup.lnk
[2013.07.23 09:16:26 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013.07.16 17:25:39 | 000,001,138 | ---- | C] () -- C:\Users\takezo\Desktop\12July - Verknüpfung.lnk
[2013.01.25 12:44:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.14 11:19:49 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.04.12 06:21:32 | 000,017,408 | ---- | C] () -- C:\Users\takezo\AppData\Local\WebpageIcons.db
[2011.09.29 08:47:23 | 011,165,696 | ---- | C] () -- C:\Users\takezo\AppData\Roaming\Sandra.mdb
[2011.07.26 10:18:01 | 000,003,373 | ---- | C] () -- C:\Users\takezo\unigine_20110726_1017.html
[2011.01.13 12:32:58 | 000,000,058 | ---- | C] () -- C:\Users\takezo\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.09.15 16:20:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.07 09:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.08.30 12:08:54 | 000,000,094 | ---- | C] () -- C:\Users\takezo\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2010.06.21 03:01:44 | 000,002,903 | ---- | M] () -- C:\Users\takezo\AppData\Roaming\Songbird2\Profiles\bvlf5ubh.Aida\extensions\{183f766a-4b9b-854d-88db-62677b3d779e}\chrome\skin\mini-player\l.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >

Hoffe, ich hab das so richtig gemacht!

Alt 09.08.2013, 10:09   #2
ryder
/// TB-Ausbilder
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Ja, nur benutzen wir kein OTL mehr.

!! Hinweis an Mitlesende !!
Dieses Thema und die Anweisungen sind nur für diesen speziellen Fall gedacht.
Sie könnten andere Computer schwer beschädigen. Öffnet bitte euer eigenes Thema.




Ich werde dir bei deinem Problem helfen. Die Bereinigung funktioniert nur, wenn du dich an die folgenden Regeln hälst:
Bitte lesen:
Regeln für die Bereinigung
  • Illegal genutzte Software
    Beim ersten Anzeichen wird der Support ohne Diskussion eingestellt. Also sorge bitte vorher dafür, dass hier nichts mehr auftaucht.
  • Keine Garantie
    Wir werden uns Mühe geben, aber einen 100% sicheren und sauberen Computer bekommst du nicht zurück. Der einzig sichere Weg ist die Formatierung mit Neuaufsetzen.
  • Keine Alleingänge
    Die Bereinigung funktioniert nur, wenn du genau das machst, was ich anweise. Installiere/deinstalliere keine Software, führe keine Scans durch, die ich dir nicht angewiesen habe. Poste dein Thema in keinem anderen Forum und folge nicht den Anweisungen anderer Helfer. Du raubst damit allen Beteiligten nur Zeit.
  • Aufmerksam lesen und nachfragen
    Lies jede Anleitung genau durch. Bei Unklarheiten bitte vorher nachfragen. Arbeite die Schritte in der Reihenfolge ab und antworte dann erst nach dem letzten Schritt oder wenn du eine Frage hast.
  • Richtig antworten
    • Nachdem du alle Schritte abgearbeitet hast gibst du mir bitte zu jedem Schritt eine Rückmeldung (Logfile oder Antwort) und das gesammelt in einer Antwort.
    • Mache deinen Namen nur dann unkenntlich, wenn es wirklich sein muss. Denke bitte aber auch daran, dass wir diesen Thread und deine Logfiles nachträglich nicht editieren werden! (siehe LINK)
    • Logfiles bitte zwischen Code-Tags platzieren (im Antwortfenster das #-Symbol anklicken) sieht dann so aus:
      [CODE] (Logfile) [/CODE]
    • Hinweis in eigener Sache: Angehängte oder gezippte Logfiles erschweren mir die Arbeit massiv! Mache das also nur, wenn das Logfile zu groß ist, um es direkt zu posten. (Hier gibt es eine Anleitung)
  • Keine privaten Nachrichten
    Ich sehe es, wenn du geantwortet hast, du mußt mich nicht benachrichtigen. Schicke mir nur dann eine PM wenn ich drei Tage nicht geantwortet habe und nur dann.
  • Wie läuft die Bereinigung ab?
    Ganz grob: Analyse > Bereinigung > Kontrolle mit Updates > Fertig. Ob fertig oder nicht werde ich dir ganz deutlich mitteilen, du brauchst nicht nachzufragen.



Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstallation von Programmen
  • Windows XP: Start > Systemsteuerung > Software > [Programmname] > Deinstallieren
  • Windows Vista / 7: Start > Systemsteuerung > Programme und Funktionen > [Programmname] > Deinstallieren
  • ggf. Neustart zulassen
Deinstalliere - falls du es nicht absichtlich installiert hast - alles was den Zusatz "Toolbar" enthält, sowie Downloader-Anwendungen (z.B. jDownloader).

Gehe bitte die folgende Liste durch und deinstalliere die genannten Programme, falls vorhanden:
Registry-Cleaner Software, TuneUp Utilities (inkl. Language Pack), Glary Utilities, Spybot S & D (inklusive Teatimer), Zonealarm Firewall (ist unnötig), McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (alle Varianten, Java 7 kann bleiben), Pokersoftware, xp-Antispy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater,Advanced System Protector, RegClean Pro, Advanced System Optimizer, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimzer Pro, Webcake, OpenCandy, Zip Opener, WinZipper, Open It!

Ich persönlich empfehle auch alles zu deinstallieren, was mit Bing zu tun hat (Bing Desktop, -toolbar), aber das ist deine Entscheidung.

Auch: Avira DE Cleaner


Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3:
Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32bit oder FRST 64bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 09.08.2013, 12:33   #3
Takezo64
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Hier die adwcleaner Datei.AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 09/08/2013 um 11:42:14 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : takezo - TAKEZO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Usersxxx\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v23.0 (de)

Datei : C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [30018 octets] - [09/08/2013 09:28:58]
AdwCleaner[S1].txt - [29857 octets] - [09/08/2013 09:30:02]
AdwCleaner[S2].txt - [1001 octets] - [09/08/2013 11:42:14]

########## EOF - C:\AdwCleaner[S2].txt - [1061 octets] ##########
         
--- --- ---


Hier ist die FRST-Datei:
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by takezo (administrator) on 09-08-2013 11:56:58
Running from C:\Users\takezo\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(EnTech Taiwan) C:\Program Files (x86)\softOSD\softOSD.exe
(EnTech Taiwan) C:\Windows\SysWOW64\softLCP.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKCU\...\Run: [ares] - "C:\Program Files (x86)\Ares\Ares.exe" -h [x]
MountPoints2: {6d46aea9-bbdc-11df-b0c2-00241ddcc840} - F:\StartVMCLite.exe
MountPoints2: {6d46aeaf-bbdc-11df-b0c2-00241ddcc840} - E:\StartVMCLite.exe
MountPoints2: {90c94552-a630-11e1-aadf-00241ddcc840} - F:\AutoRun.exe
MountPoints2: {90c94561-a630-11e1-aadf-00241ddcc840} - F:\AutoRun.exe
HKLM-x32\...\Run: [NPSStartup] -  [x]
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-02] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe [49263 2006-11-09] (Sun Microsystems, Inc.)
AppInit_DLLs:             [0 ] ()
AppInit_DLLs-x32:      [0 ] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: (No Name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKLM-x32 - {6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB} URL = 
SearchScopes: HKLM-x32 - {DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
SearchScopes: HKCU - Backup.Old.DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
SearchScopes: HKCU - {6ABCD5EE-36EE-8A5A-23B3-42B5A8CC4DFB} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
SearchScopes: HKCU - {DB9720DB-25F2-4C15-8F7D-6B8A64F3B3B8} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A06C56FD-272D-4340-BD27-4A9245B13AA5}: [NameServer]88.214.182.2 88.214.178.1

FireFox:
========
FF ProfilePath: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: GMX Suche
FF Homepage: www.google.de
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @real.com/nprpplugin;version=15.0.4.53 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\searchplugins\wot-safe-search.xml
FF Extension: No Name - C:\Users\takezo\AppData\Roaming\Mozilla\Extensions\Profiles
FF Extension: No Name - C:\Users\takezo\AppData\Roaming\Mozilla\Extensions\profiles.ini
FF Extension: Dictionary Switcher - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\dictionary-switcher@design-noir.de
FF Extension: WOT - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: adonis.cuhk - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\adonis.cuhk@gmail.com.xpi
FF Extension: personas - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\personas@christopher.beard.xpi
FF Extension: toolbar - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\toolbar@gmx.net.xpi
FF Extension: No Name - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
FF Extension: No Name - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: No Name - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions:  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultSuggestURL: (Google) - hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll No File
CHR Plugin: (Skype Click to Call) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin8.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Kaspersky URL Advisor) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (AdBlock) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (Safe Money) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Anti-Banner) - C:\Users\takezo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [bgnnidmnbdkmhfkjgdnngciimpdgohok] - C:\Program Files (x86)\ATDheNetTVApp.com\stv11.crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-12-02] (Kaspersky Lab ZAO)
R2 Kilgray: memoQ update permissions manager. 2595325.; C:\Program Files (x86)\Kilgray\memoQ62\AUClient.exe [696320 2012-12-17] ()
R2 MSSQL$ACROSS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [144608 2013-04-10] (Nalpeiron Ltd.)
S2 NewServiceInstall1; C:\Program Files (x86)\SDL International\T2007_FL\TT\Lng\Dialogs1031.lng [11264 2007-04-23] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-03-25] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [93848 2008-09-18] (SiSoftware)
R2 softOSD; C:\Program Files (x86)\softOSD\softOSD.exe [291384 2010-12-18] (EnTech Taiwan)
S4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [62464 2006-01-05] (Broadcom Corporation.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [243200 2010-01-14] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-01-14] (Huawei Technologies Co., Ltd.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-17] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 se64a; C:\Windows\SysWow64\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
S1 StarOpen; No ImagePath
S1 tvtool; \??\C:\Program Files (x86)\TVTool 9.6.1\tvtool.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 11:55 - 2013-08-09 11:55 - 01790169 _____ (Farbar) C:\Users\takezo\Downloads\FRST64.exe
2013-08-09 11:42 - 2013-08-09 11:42 - 00001130 _____ C:\AdwCleaner[S2].txt
2013-08-09 11:31 - 2013-08-09 11:31 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-09 11:31 - 2013-08-09 11:31 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-09 11:31 - 2013-08-09 11:31 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-09 11:31 - 2013-08-09 11:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-09 11:31 - 2013-08-09 11:31 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-09 11:31 - 2013-08-09 11:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-09 11:31 - 2013-08-09 11:31 - 00000000 ____D C:\Program Files\Java
2013-08-09 11:29 - 2013-08-09 11:29 - 33150376 _____ (Oracle Corporation) C:\Users\takezo\Downloads\jre-7u25-windows-x64.exe
2013-08-09 11:28 - 2013-08-09 11:28 - 00903080 _____ (Oracle Corporation) C:\Users\takezo\Downloads\jxpiinstall(1).exe
2013-08-09 10:14 - 2013-08-09 10:14 - 00000000 ____D C:\Users\takezo\AppData\Local\{2584F366-3DE8-4E44-B9EB-F33BEEC390B6}
2013-08-09 09:36 - 2013-08-09 09:36 - 00602112 _____ (OldTimer Tools) C:\Users\takezo\Downloads\OTL(1).exe
2013-08-09 09:30 - 2013-08-09 09:30 - 00029857 _____ C:\AdwCleaner[S1].txt
2013-08-09 09:28 - 2013-08-09 09:29 - 00030018 _____ C:\AdwCleaner[R1].txt
2013-08-09 09:28 - 2013-08-09 09:28 - 00666633 _____ C:\Users\takezo\Downloads\adwcleaner.exe
2013-08-09 08:58 - 2013-05-27 06:54 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-09 08:58 - 2013-05-27 06:53 - 01492992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-09 08:58 - 2013-05-27 06:53 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-09 08:58 - 2013-05-27 06:50 - 12295680 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-09 08:58 - 2013-05-27 06:50 - 09070080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-09 08:58 - 2013-05-27 06:50 - 02458112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-09 08:58 - 2013-05-27 06:50 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-09 08:58 - 2013-05-27 06:50 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-09 08:58 - 2013-05-27 06:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-09 08:58 - 2013-05-27 06:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-09 08:58 - 2013-05-27 06:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-09 08:58 - 2013-05-27 06:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-09 08:58 - 2013-05-27 06:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-09 08:58 - 2013-05-27 05:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-09 08:58 - 2013-05-27 05:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-09 08:58 - 2013-05-27 05:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-09 08:58 - 2013-05-27 05:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-09 08:58 - 2013-05-27 05:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-09 08:58 - 2013-05-27 05:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-09 08:58 - 2013-05-27 05:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-09 08:58 - 2013-05-27 04:58 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-09 08:58 - 2013-05-27 04:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-08 22:02 - 2013-08-08 22:03 - 00000000 ____D C:\Users\takezo\AppData\Local\{B4472934-13D3-490F-91F3-06BB06ED576E}
2013-08-08 17:29 - 2013-08-08 17:14 - 00434097 ____R C:\Windows\system32\Drivers\etc\hosts.20130808-172955.backup
2013-08-08 17:14 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20130808-171437.backup
2013-08-08 16:13 - 2013-08-08 16:14 - 26603280 _____ (SUPERAntiSpyware.com) C:\Users\takezo\Downloads\SUPERAntiSpyware (1).exe
2013-08-08 16:12 - 2013-08-09 07:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-08 16:12 - 2013-08-08 17:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-08 15:00 - 2013-08-08 15:00 - 00001409 _____ C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-08 10:16 - 2013-08-08 10:16 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-08 10:16 - 2013-08-08 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-08 10:14 - 2013-08-08 10:14 - 00282112 _____ (Mozilla) C:\Users\takezo\Downloads\Firefox Setup Stub 23.0.exe
2013-08-08 10:02 - 2013-08-08 10:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{B4FC0667-962A-4208-84A5-F969CA49C1D8}
2013-08-07 19:20 - 2013-08-07 19:20 - 00000000 ____D C:\Users\takezo\AppData\Local\{80B10441-B6FA-4566-AAE0-B91591358283}
2013-08-07 07:20 - 2013-08-07 07:20 - 00000000 ____D C:\Users\takezo\AppData\Local\{15256F9F-AA5D-4409-80FE-FAFE416012C4}
2013-08-06 10:04 - 2013-08-06 10:04 - 00000000 ____D C:\Users\takezo\AppData\Local\{753CE5F7-B7BB-4BE3-ABCA-5810661B1B63}
2013-08-05 20:43 - 2013-08-05 20:44 - 00000000 ____D C:\Users\takezo\AppData\Local\{C96F3D48-CD33-4EAD-8BB9-ADFE5CE19EE7}
2013-08-05 08:43 - 2013-08-05 08:43 - 00000000 ____D C:\Users\takezo\AppData\Local\{3316DACA-120C-4C60-A805-78F6DDC17B1B}
2013-08-04 13:51 - 2013-08-04 13:51 - 00000000 ____D C:\Users\takezo\AppData\Local\{2B98E0EC-AE07-4F57-AAFB-BFDFF4D0B435}
2013-08-03 14:19 - 2013-08-03 14:20 - 00000000 ____D C:\Users\takezo\AppData\Local\{702DE7EC-33A5-4340-A349-9BAA4B66F168}
2013-08-02 21:41 - 2013-08-02 21:41 - 00000000 ____D C:\Users\takezo\AppData\Local\{DB2ABF03-E7AA-4713-997C-19A058F8DE17}
2013-08-02 09:41 - 2013-08-02 09:41 - 00000000 ____D C:\Users\takezo\AppData\Local\{D78F6223-3E61-42C9-8262-747CC29990DB}
2013-08-01 11:50 - 2013-08-01 11:50 - 00000000 ____D C:\Users\takezo\AppData\Local\{0CE53AC1-4632-43F1-8C3F-8A79F1944EF7}
2013-08-01 08:00 - 2013-08-01 08:00 - 00000128 _____ C:\Users\takezo\AppData\Roaming\Sandra.ldb
2013-08-01 07:41 - 2013-08-01 07:41 - 00003190 _____ C:\Windows\System32\Tasks\{E11F9238-8F91-4916-BF69-1FEC8D6EC51C}
2013-08-01 07:41 - 2013-08-01 07:41 - 00003190 _____ C:\Windows\System32\Tasks\{DB6ACCCD-48E9-4F00-8B7B-CE588F0A7996}
2013-08-01 07:03 - 2013-08-01 07:03 - 00003238 _____ C:\Windows\System32\Tasks\Dealply
2013-08-01 07:03 - 2013-08-01 07:03 - 00000000 ____D C:\Users\takezo\AppData\Roaming\MetaCrawler
2013-08-01 06:59 - 2013-08-01 06:59 - 00655200 _____ C:\Users\takezo\Downloads\setup(2).exe
2013-07-31 22:01 - 2013-07-31 22:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{BC655F9A-7C8B-4BE4-9BF9-0753EC7926D2}
2013-07-31 10:01 - 2013-07-31 10:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{A434F258-ADB5-45CA-9641-15AB2F534960}
2013-07-30 22:01 - 2013-07-30 22:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{78E96EFD-AA06-4F84-8716-B4970447AAAB}
2013-07-30 10:01 - 2013-07-30 10:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{915ED91F-3C6F-4BFA-AD76-4BE379F0E6A1}
2013-07-29 22:00 - 2013-07-29 22:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{3A0FD282-7EE7-4A83-B7DF-D23F6EB7AB46}
2013-07-29 10:00 - 2013-07-29 10:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{A91693D0-1F5B-4B67-A164-F3EF476CA29B}
2013-07-28 21:59 - 2013-07-28 22:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{C3E3AE9F-B42B-4E3D-93D7-EDA3458D8771}
2013-07-28 09:59 - 2013-07-28 09:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{5F2DB6EC-8B50-4D10-8195-AB96F465E19A}
2013-07-27 13:33 - 2013-07-27 13:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{771758E0-2897-4EFD-8F1E-EFF870D9D211}
2013-07-26 09:27 - 2013-07-26 09:27 - 00000000 ____D C:\Users\takezo\AppData\Local\{9862934A-D660-486A-9AD4-E5DC4EF1D0A3}
2013-07-26 09:26 - 2013-07-26 09:26 - 00000000 ____D C:\Users\takezo\AppData\Local\{D0F2F727-BB05-4630-AD74-1B5838C11FD5}
2013-07-25 12:58 - 2013-07-25 12:58 - 00000000 ____D C:\Users\takezo\AppData\Local\{B6622161-2887-4AF7-A08E-C099AAD8B386}
2013-07-25 00:58 - 2013-07-25 00:58 - 00000000 ____D C:\Users\takezo\AppData\Local\{7E0248D8-B267-4199-A5B3-48438C3C0CE6}
2013-07-24 12:16 - 2013-07-24 12:16 - 00000000 ____D C:\Users\takezo\AppData\Local\{4DAA4C14-7CB8-47C2-BFF7-CEA75A1E9576}
2013-07-24 00:16 - 2013-07-24 00:16 - 00000000 ____D C:\Users\takezo\AppData\Local\{FA8199A9-F51C-4EBE-9E90-5F2894300926}
2013-07-23 12:15 - 2013-07-23 12:15 - 00000000 ____D C:\Users\takezo\AppData\Local\{07B02DF8-6DF0-4159-B951-1FACFD861575}
2013-07-23 09:16 - 2013-08-09 11:26 - 00000000 ____D C:\ProgramData\iolo
2013-07-23 09:16 - 2013-07-23 09:16 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2013-07-23 00:15 - 2013-07-23 00:15 - 00000000 ____D C:\Users\takezo\AppData\Local\{1968273A-1E71-4773-8B0A-655852490E8B}
2013-07-22 10:52 - 2013-07-22 10:52 - 00000000 ____D C:\Users\takezo\AppData\Local\{C1783379-5ECE-482A-A27F-939A3F1D88BA}
2013-07-21 22:51 - 2013-07-21 22:51 - 00000000 ____D C:\Users\takezo\AppData\Local\{EB4DD1AD-53FA-458C-BA58-A17D9EFABA16}
2013-07-21 11:55 - 2013-07-21 11:55 - 06698056 _____ C:\Users\takezo\Downloads\gmx_system_mechanic_checkup_nlpay.exe
2013-07-21 10:51 - 2013-07-21 10:51 - 00000000 ____D C:\Users\takezo\AppData\Local\{A8BAFF9F-4467-497E-866F-0697B8461900}
2013-07-20 20:35 - 2013-07-20 20:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{4047B6F4-467F-4CA3-8D69-419F1D5D52D6}
2013-07-20 08:35 - 2013-07-20 08:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{CAF4FAC6-BDEF-4C17-BDB2-28D85A5DEDD4}
2013-07-20 03:12 - 2013-07-20 03:12 - 00000000 ____D C:\Users\takezo\AppData\Local\{8BC176AE-5FC4-439A-8DB0-D0DAC7AFB287}
2013-07-19 10:38 - 2013-07-19 10:39 - 00000000 ____D C:\Users\takezo\AppData\Local\{EF957BD3-3E1E-4BE2-9558-AEF51468B312}
2013-07-18 21:57 - 2013-07-18 21:58 - 00000000 ____D C:\Users\takezo\AppData\Local\{221F18A9-D8E8-4555-BAC0-5454382F59FF}
2013-07-18 09:57 - 2013-07-18 09:58 - 01067192 _____ (Solid State Networks) C:\Users\takezo\Downloads\install_flashplayer11x32axau_mssd_aaa_aih.exe
2013-07-18 09:57 - 2013-07-18 09:57 - 00000000 ____D C:\Users\takezo\AppData\Local\{BEC545B7-31A3-4F9E-A524-01075452EA63}
2013-07-17 10:35 - 2013-07-17 10:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{3A0E7070-568D-408F-AB57-6A8DF290E9E8}
2013-07-16 22:34 - 2013-07-16 22:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{1F238BD8-DD1A-4E20-8572-A5AA6785B032}
2013-07-16 17:25 - 2013-07-16 17:25 - 00001138 _____ C:\Users\takezo\Desktop\12July - Verknüpfung.lnk
2013-07-16 10:34 - 2013-07-16 10:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{512E2FAC-01D5-40B1-8C2B-CA5A440055BB}
2013-07-15 22:34 - 2013-07-15 22:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{50300C40-099F-4A93-8F1A-6B713346E17D}
2013-07-15 10:34 - 2013-07-15 10:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{72F24E69-7274-44AC-B6D1-DB51CC4FA509}
2013-07-14 22:33 - 2013-07-14 22:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{C93652CE-9C6E-4E29-9090-F111BB5614F0}
2013-07-14 10:33 - 2013-07-14 10:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{90E4324A-44FA-498E-9114-659752AABAEC}
2013-07-13 17:01 - 2013-07-13 17:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{8FEC541E-DEE4-4999-A914-97A2C7D30019}
2013-07-12 14:29 - 2013-07-12 14:29 - 00000000 ____D C:\Program Files (x86)\GUM30A7.tmp
2013-07-12 11:25 - 2013-07-12 11:25 - 00000000 ____D C:\Users\takezo\AppData\Local\{A67F1388-1546-4569-812F-3B3970480D48}
2013-07-11 23:24 - 2013-07-11 23:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{4BD2E493-8A72-4B9D-BEEC-B1054C40F63E}
2013-07-11 13:30 - 2013-07-11 13:30 - 00040960 _____ C:\Users\takezo\Downloads\InformacaoFinanceira(PT).xls
2013-07-11 11:38 - 2013-07-11 11:40 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 11:24 - 2013-07-11 11:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{CFD5D1DB-54FF-433F-9897-2BA6948FEAC1}
2013-07-10 21:24 - 2013-07-10 21:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{1D8CBD9C-1A76-40EC-83C7-86C6DB2B5155}
2013-07-10 09:28 - 2013-06-05 04:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 09:28 - 2013-06-04 07:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 09:28 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 09:28 - 2013-05-06 07:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 09:28 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 09:28 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 09:28 - 2013-04-02 23:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 09:24 - 2013-07-10 09:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{000C16F9-FEC8-4488-82C7-57F2BFBAFF1A}

==================== One Month Modified Files and Folders =======

2013-08-09 11:56 - 2013-08-09 11:56 - 00000000 ____D C:\FRST
2013-08-09 11:55 - 2013-08-09 11:55 - 01790169 _____ (Farbar) C:\Users\takezo\Downloads\FRST64.exe
2013-08-09 11:51 - 2009-07-14 05:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 11:51 - 2009-07-14 05:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 11:45 - 2010-08-30 11:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-09 11:44 - 2011-09-05 10:33 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 11:44 - 2010-08-30 11:33 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-09 11:44 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 11:44 - 2009-07-14 05:51 - 00082907 _____ C:\Windows\setupact.log
2013-08-09 11:42 - 2013-08-09 11:42 - 00001130 _____ C:\AdwCleaner[S2].txt
2013-08-09 11:42 - 2010-08-30 11:04 - 02034210 _____ C:\Windows\WindowsUpdate.log
2013-08-09 11:39 - 2011-07-27 10:23 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-08-09 11:37 - 2010-08-30 11:56 - 00046408 _____ C:\Windows\PFRO.log
2013-08-09 11:34 - 2011-09-05 10:33 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 11:33 - 2012-07-15 09:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 11:32 - 2013-06-25 23:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-09 11:32 - 2010-09-01 20:23 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-09 11:31 - 2013-08-09 11:31 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-09 11:31 - 2013-08-09 11:31 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-09 11:31 - 2013-08-09 11:31 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-09 11:31 - 2013-08-09 11:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-09 11:31 - 2013-08-09 11:31 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-09 11:31 - 2013-08-09 11:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-09 11:31 - 2013-08-09 11:31 - 00000000 ____D C:\Program Files\Java
2013-08-09 11:29 - 2013-08-09 11:29 - 33150376 _____ (Oracle Corporation) C:\Users\takezo\Downloads\jre-7u25-windows-x64.exe
2013-08-09 11:28 - 2013-08-09 11:28 - 00903080 _____ (Oracle Corporation) C:\Users\takezo\Downloads\jxpiinstall(1).exe
2013-08-09 11:26 - 2013-07-23 09:16 - 00000000 ____D C:\ProgramData\iolo
2013-08-09 10:14 - 2013-08-09 10:14 - 00000000 ____D C:\Users\takezo\AppData\Local\{2584F366-3DE8-4E44-B9EB-F33BEEC390B6}
2013-08-09 09:48 - 2011-08-01 09:54 - 00126646 _____ C:\Users\takezo\Downloads\OTL.Txt
2013-08-09 09:36 - 2013-08-09 09:36 - 00602112 _____ (OldTimer Tools) C:\Users\takezo\Downloads\OTL(1).exe
2013-08-09 09:30 - 2013-08-09 09:30 - 00029857 _____ C:\AdwCleaner[S1].txt
2013-08-09 09:29 - 2013-08-09 09:28 - 00030018 _____ C:\AdwCleaner[R1].txt
2013-08-09 09:28 - 2013-08-09 09:28 - 00666633 _____ C:\Users\takezo\Downloads\adwcleaner.exe
2013-08-09 07:44 - 2013-08-08 16:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-09 00:56 - 2009-07-14 18:58 - 02404642 _____ C:\Windows\system32\perfh007.dat
2013-08-09 00:56 - 2009-07-14 18:58 - 01745140 _____ C:\Windows\system32\perfc007.dat
2013-08-09 00:56 - 2009-07-14 06:13 - 00006656 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-08 22:03 - 2013-08-08 22:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{B4472934-13D3-490F-91F3-06BB06ED576E}
2013-08-08 17:14 - 2013-08-08 17:29 - 00434097 ____R C:\Windows\system32\Drivers\etc\hosts.20130808-172955.backup
2013-08-08 17:02 - 2013-08-08 16:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-08 16:14 - 2013-08-08 16:13 - 26603280 _____ (SUPERAntiSpyware.com) C:\Users\takezo\Downloads\SUPERAntiSpyware (1).exe
2013-08-08 15:00 - 2013-08-08 15:00 - 00001409 _____ C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-08-08 15:00 - 2010-08-30 11:21 - 00001403 _____ C:\Users\takezo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-08 14:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-08 14:45 - 2013-01-02 21:53 - 00000000 ____D C:\Users\takezo\Documents\My Games
2013-08-08 14:44 - 2012-09-21 02:18 - 00000000 ____D C:\Program Files (x86)\ATDheNetTVApp.com
2013-08-08 10:16 - 2013-08-08 10:16 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-08 10:16 - 2013-08-08 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-08 10:14 - 2013-08-08 10:14 - 00282112 _____ (Mozilla) C:\Users\takezo\Downloads\Firefox Setup Stub 23.0.exe
2013-08-08 10:02 - 2013-08-08 10:02 - 00000000 ____D C:\Users\takezo\AppData\Local\{B4FC0667-962A-4208-84A5-F969CA49C1D8}
2013-08-08 00:27 - 2010-08-30 11:20 - 00000000 ____D C:\Users\takezo
2013-08-08 00:25 - 2010-09-27 12:48 - 00000000 ____D C:\ProgramData\Real
2013-08-08 00:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-08-07 19:20 - 2013-08-07 19:20 - 00000000 ____D C:\Users\takezo\AppData\Local\{80B10441-B6FA-4566-AAE0-B91591358283}
2013-08-07 07:20 - 2013-08-07 07:20 - 00000000 ____D C:\Users\takezo\AppData\Local\{15256F9F-AA5D-4409-80FE-FAFE416012C4}
2013-08-06 10:04 - 2013-08-06 10:04 - 00000000 ____D C:\Users\takezo\AppData\Local\{753CE5F7-B7BB-4BE3-ABCA-5810661B1B63}
2013-08-05 20:44 - 2013-08-05 20:43 - 00000000 ____D C:\Users\takezo\AppData\Local\{C96F3D48-CD33-4EAD-8BB9-ADFE5CE19EE7}
2013-08-05 10:39 - 2010-08-30 14:28 - 00000000 ____D C:\Users\takezo\AppData\Roaming\Skype
2013-08-05 08:43 - 2013-08-05 08:43 - 00000000 ____D C:\Users\takezo\AppData\Local\{3316DACA-120C-4C60-A805-78F6DDC17B1B}
2013-08-04 15:59 - 2012-04-20 18:41 - 00000000 ____D C:\Users\takezo\AppData\Roaming\MemoQ
2013-08-04 15:58 - 2012-04-20 18:40 - 00000000 ____D C:\ProgramData\MemoQ
2013-08-04 14:09 - 2012-09-14 11:19 - 00000000 ____D C:\Users\takezo\Documents\My MemoQ Projects
2013-08-04 13:51 - 2013-08-04 13:51 - 00000000 ____D C:\Users\takezo\AppData\Local\{2B98E0EC-AE07-4F57-AAFB-BFDFF4D0B435}
2013-08-03 14:20 - 2013-08-03 14:19 - 00000000 ____D C:\Users\takezo\AppData\Local\{702DE7EC-33A5-4340-A349-9BAA4B66F168}
2013-08-02 21:41 - 2013-08-02 21:41 - 00000000 ____D C:\Users\takezo\AppData\Local\{DB2ABF03-E7AA-4713-997C-19A058F8DE17}
2013-08-02 09:41 - 2013-08-02 09:41 - 00000000 ____D C:\Users\takezo\AppData\Local\{D78F6223-3E61-42C9-8262-747CC29990DB}
2013-08-01 11:50 - 2013-08-01 11:50 - 00000000 ____D C:\Users\takezo\AppData\Local\{0CE53AC1-4632-43F1-8C3F-8A79F1944EF7}
2013-08-01 08:00 - 2013-08-01 08:00 - 00000128 _____ C:\Users\takezo\AppData\Roaming\Sandra.ldb
2013-08-01 07:41 - 2013-08-01 07:41 - 00003190 _____ C:\Windows\System32\Tasks\{E11F9238-8F91-4916-BF69-1FEC8D6EC51C}
2013-08-01 07:41 - 2013-08-01 07:41 - 00003190 _____ C:\Windows\System32\Tasks\{DB6ACCCD-48E9-4F00-8B7B-CE588F0A7996}
2013-08-01 07:03 - 2013-08-01 07:03 - 00003238 _____ C:\Windows\System32\Tasks\Dealply
2013-08-01 07:03 - 2013-08-01 07:03 - 00000000 ____D C:\Users\takezo\AppData\Roaming\MetaCrawler
2013-08-01 06:59 - 2013-08-01 06:59 - 00655200 _____ C:\Users\takezo\Downloads\setup(2).exe
2013-08-01 06:52 - 2010-09-01 23:07 - 00000000 ____D C:\Users\takezo\AppData\Local\Adobe
2013-08-01 06:46 - 2012-07-15 09:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-01 06:46 - 2012-04-05 07:18 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-01 06:46 - 2011-05-20 07:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-31 22:35 - 2011-09-05 10:34 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-31 22:02 - 2013-07-31 22:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{BC655F9A-7C8B-4BE4-9BF9-0753EC7926D2}
2013-07-31 10:01 - 2013-07-31 10:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{A434F258-ADB5-45CA-9641-15AB2F534960}
2013-07-30 22:01 - 2013-07-30 22:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{78E96EFD-AA06-4F84-8716-B4970447AAAB}
2013-07-30 14:34 - 2010-08-30 11:20 - 00000000 ____D C:\Users\takezo\AppData\Local\VirtualStore
2013-07-30 10:01 - 2013-07-30 10:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{915ED91F-3C6F-4BFA-AD76-4BE379F0E6A1}
2013-07-29 22:00 - 2013-07-29 22:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{3A0FD282-7EE7-4A83-B7DF-D23F6EB7AB46}
2013-07-29 10:00 - 2013-07-29 10:00 - 00000000 ____D C:\Users\takezo\AppData\Local\{A91693D0-1F5B-4B67-A164-F3EF476CA29B}
2013-07-28 22:00 - 2013-07-28 21:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{C3E3AE9F-B42B-4E3D-93D7-EDA3458D8771}
2013-07-28 20:35 - 2012-06-06 11:55 - 00002172 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-28 20:35 - 2010-09-27 12:47 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-28 09:59 - 2013-07-28 09:59 - 00000000 ____D C:\Users\takezo\AppData\Local\{5F2DB6EC-8B50-4D10-8195-AB96F465E19A}
2013-07-27 13:34 - 2013-07-27 13:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{771758E0-2897-4EFD-8F1E-EFF870D9D211}
2013-07-27 13:29 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-26 09:27 - 2013-07-26 09:27 - 00000000 ____D C:\Users\takezo\AppData\Local\{9862934A-D660-486A-9AD4-E5DC4EF1D0A3}
2013-07-26 09:26 - 2013-07-26 09:26 - 00000000 ____D C:\Users\takezo\AppData\Local\{D0F2F727-BB05-4630-AD74-1B5838C11FD5}
2013-07-25 12:58 - 2013-07-25 12:58 - 00000000 ____D C:\Users\takezo\AppData\Local\{B6622161-2887-4AF7-A08E-C099AAD8B386}
2013-07-25 00:58 - 2013-07-25 00:58 - 00000000 ____D C:\Users\takezo\AppData\Local\{7E0248D8-B267-4199-A5B3-48438C3C0CE6}
2013-07-24 12:16 - 2013-07-24 12:16 - 00000000 ____D C:\Users\takezo\AppData\Local\{4DAA4C14-7CB8-47C2-BFF7-CEA75A1E9576}
2013-07-24 00:16 - 2013-07-24 00:16 - 00000000 ____D C:\Users\takezo\AppData\Local\{FA8199A9-F51C-4EBE-9E90-5F2894300926}
2013-07-23 12:15 - 2013-07-23 12:15 - 00000000 ____D C:\Users\takezo\AppData\Local\{07B02DF8-6DF0-4159-B951-1FACFD861575}
2013-07-23 09:16 - 2013-07-23 09:16 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2013-07-23 00:15 - 2013-07-23 00:15 - 00000000 ____D C:\Users\takezo\AppData\Local\{1968273A-1E71-4773-8B0A-655852490E8B}
2013-07-22 10:52 - 2013-07-22 10:52 - 00000000 ____D C:\Users\takezo\AppData\Local\{C1783379-5ECE-482A-A27F-939A3F1D88BA}
2013-07-21 22:51 - 2013-07-21 22:51 - 00000000 ____D C:\Users\takezo\AppData\Local\{EB4DD1AD-53FA-458C-BA58-A17D9EFABA16}
2013-07-21 11:55 - 2013-07-21 11:55 - 06698056 _____ C:\Users\takezo\Downloads\gmx_system_mechanic_checkup_nlpay.exe
2013-07-21 10:51 - 2013-07-21 10:51 - 00000000 ____D C:\Users\takezo\AppData\Local\{A8BAFF9F-4467-497E-866F-0697B8461900}
2013-07-20 20:35 - 2013-07-20 20:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{4047B6F4-467F-4CA3-8D69-419F1D5D52D6}
2013-07-20 08:35 - 2013-07-20 08:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{CAF4FAC6-BDEF-4C17-BDB2-28D85A5DEDD4}
2013-07-20 03:12 - 2013-07-20 03:12 - 00000000 ____D C:\Users\takezo\AppData\Local\{8BC176AE-5FC4-439A-8DB0-D0DAC7AFB287}
2013-07-19 10:39 - 2013-07-19 10:38 - 00000000 ____D C:\Users\takezo\AppData\Local\{EF957BD3-3E1E-4BE2-9558-AEF51468B312}
2013-07-18 21:58 - 2013-07-18 21:57 - 00000000 ____D C:\Users\takezo\AppData\Local\{221F18A9-D8E8-4555-BAC0-5454382F59FF}
2013-07-18 09:58 - 2013-07-18 09:57 - 01067192 _____ (Solid State Networks) C:\Users\takezo\Downloads\install_flashplayer11x32axau_mssd_aaa_aih.exe
2013-07-18 09:57 - 2013-07-18 09:57 - 00000000 ____D C:\Users\takezo\AppData\Local\{BEC545B7-31A3-4F9E-A524-01075452EA63}
2013-07-17 10:35 - 2013-07-17 10:35 - 00000000 ____D C:\Users\takezo\AppData\Local\{3A0E7070-568D-408F-AB57-6A8DF290E9E8}
2013-07-16 22:35 - 2013-07-16 22:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{1F238BD8-DD1A-4E20-8572-A5AA6785B032}
2013-07-16 17:25 - 2013-07-16 17:25 - 00001138 _____ C:\Users\takezo\Desktop\12July - Verknüpfung.lnk
2013-07-16 10:34 - 2013-07-16 10:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{512E2FAC-01D5-40B1-8C2B-CA5A440055BB}
2013-07-15 22:34 - 2013-07-15 22:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{50300C40-099F-4A93-8F1A-6B713346E17D}
2013-07-15 10:34 - 2013-07-15 10:34 - 00000000 ____D C:\Users\takezo\AppData\Local\{72F24E69-7274-44AC-B6D1-DB51CC4FA509}
2013-07-14 22:33 - 2013-07-14 22:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{C93652CE-9C6E-4E29-9090-F111BB5614F0}
2013-07-14 10:33 - 2013-07-14 10:33 - 00000000 ____D C:\Users\takezo\AppData\Local\{90E4324A-44FA-498E-9114-659752AABAEC}
2013-07-13 17:02 - 2013-07-13 17:01 - 00000000 ____D C:\Users\takezo\AppData\Local\{8FEC541E-DEE4-4999-A914-97A2C7D30019}
2013-07-12 14:29 - 2013-07-12 14:29 - 00000000 ____D C:\Program Files (x86)\GUM30A7.tmp
2013-07-12 14:29 - 2011-09-05 10:33 - 00004008 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 14:29 - 2011-09-05 10:33 - 00003756 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 11:25 - 2013-07-12 11:25 - 00000000 ____D C:\Users\takezo\AppData\Local\{A67F1388-1546-4569-812F-3B3970480D48}
2013-07-11 23:24 - 2013-07-11 23:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{4BD2E493-8A72-4B9D-BEEC-B1054C40F63E}
2013-07-11 13:30 - 2013-07-11 13:30 - 00040960 _____ C:\Users\takezo\Downloads\InformacaoFinanceira(PT).xls
2013-07-11 11:40 - 2013-07-11 11:38 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 11:24 - 2013-07-11 11:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{CFD5D1DB-54FF-433F-9897-2BA6948FEAC1}
2013-07-10 21:24 - 2013-07-10 21:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{1D8CBD9C-1A76-40EC-83C7-86C6DB2B5155}
2013-07-10 14:07 - 2009-07-14 05:45 - 04975856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 14:05 - 2012-05-17 08:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 14:05 - 2012-05-17 08:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 14:03 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 14:03 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 14:03 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 09:48 - 2010-08-30 12:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 09:24 - 2013-07-10 09:24 - 00000000 ____D C:\Users\takezo\AppData\Local\{000C16F9-FEC8-4488-82C7-57F2BFBAFF1A}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 16:11

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

Und hier die Addition-Datei:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by takezo at 2013-08-09 11:58:13
Running from C:\Users\takezo\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Across Personal Edition (x32 Version: 5.00.0)
Adobe Acrobat 6.0 Professional (x32 Version: 006.000.000)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Community Help (x32 Version: 3.4.980)
Adobe Content Viewer (x32 Version: 1.4.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe InDesign CS5.5 (x32 Version: 7.5)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Application Verifier (x64) (Version: 4.1.1078)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Autodesk Express Viewer (x32 Version: 3.1)
BCL easyConverter SDK 1.0.0 (x32 Version: 1.00.0034)
BioShock 2 (x32 Version: 1.0.0003.131)
BioShock 2 (x32 Version: 1.00.0000)
Bonjour (Version: 3.0.0.10)
Chinese Simplified Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
Chinese Traditional Fonts Support For Adobe Reader 9 (x32 Version: 9.0.0)
CPT Crosswords (x32)
Crysis® 2 (x32 Version: 1.0.0.0)
CygniCon (x32 Version: 1.0.8.6)
D3DX10 (x32 Version: 15.4.2368.0902)
Data Lifeguard Diagnostic for Windows 1.24 (x32)
Dead Space™ (x32 Version: 1.0.222.0)
Debugging Tools for Windows (x64) (Version: 6.12.2.633)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Defraggler (Version: 2.06)
dows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
EA Download Manager (x32 Version: 4.0.0.455)
eMule (x32)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Google Chrome (x32 Version: 28.0.1500.95)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0)
Idiom WorldServer Desktop Workbench (x32 Version: 9.0.1.60)
ImgBurn (x32 Version: 2.5.5.0)
iTunes (Version: 11.0.3.42)
J2SE Runtime Environment 5.0 Update 10 (x32 Version: 1.5.0.100)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Mass Effect™ 3 (x32 Version: 1.04.0.0)
memoQ 6.2 (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Publisher 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (ACROSS) (x32 Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Microsoft WSE 2.0 SP3 Runtime (x32 Version: 2.0.5050.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0)
Mozilla Firefox 23.0 (x86 de) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 23.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0)
Nero BackItUp 10 (x32 Version: 5.4.11600.19.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Burning ROM 10 (x32 Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700)
Nero BurnRights 10 (x32 Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Control Center 10 (x32 Version: 10.0.12000.1.4)
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Core Components 10 (x32 Version: 2.0.13700.0.1)
Nero CoverDesigner 10 (x32 Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600)
Nero DiscSpeed 10 (x32 Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600)
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10)
Nero Express 10 (x32 Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700)
Nero InfoTool 10 (x32 Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600)
Nero MediaHub 10 (x32 Version: 1.0.13400.11.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Multimedia Suite 10 (x32 Version: 10.0.13100)
Nero Recode 10 (x32 Version: 4.6.10900.4.100)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600)
Nero RescueAgent 10 (x32 Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700)
Nero SoundTrax 10 (x32 Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600)
Nero StartSmart 10 (x32 Version: 10.0.11200.12.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700)
Nero Update (x32 Version: 1.0.0017)
Nero Vision 10 (x32 Version: 7.0.11100.8.100)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600)
Nero WaveEditor 10 (x32 Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600)
Norwegisch AKTIV Demo (x32)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33)
NVIDIA 3D Vision Controller-Treiber 275.33 (Version: 275.33)
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.11.1107)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Open XML SDK 2.0 for Microsoft Office (x32 Version: 2.0.5022)
Origin (x32 Version: 9.1.3.2637)
PaperPort (x32 Version: 9.02.0814)
PDF Settings CS5 (x32 Version: 10.0)
PosteRazor (x32 Version: 1.5)
PunkBuster Services (x32 Version: 0.990)
QuickTime (x32 Version: 7.74.80.86)
RealPlayer (x32 Version: 15.0.4)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Rosetta Stone Version 3 (x32 Version: 3.3.7.0)
RT 7 Lite (64-Bit) (HKCU Version: 2.6.0)
RT 7 Lite x64 (Version: 2.6.0)
Safari (x32 Version: 5.34.57.2)
Samsung Kies (x32 Version: 2.5.0.12114_1)
Samsung Mobile phone USB driver Drive Software
Samsung New PC Studio (x32 Version: 1.00.0000)
Samsung PC Studio 3 USB Driver Installer (x32 Version: 3.2.0.70701)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
Sapo movel (x32 Version: 16.001.06.00.84)
Screenshot Captor 2.88.01 (x32)
SDL MultiTerm SideBySide Tools (x32 Version: 1.0.181)
SDL Passolo 2009 Essential SR3 (x32 Version: SDL Passolo 2009 Essential SR3)
SDL Passolo Essential 2011 SP6 (x32 Version: 11.6.0.0)
SDL Trados 2007 Freelance (x32 Version: 8.2.835)
SDL Trados 2011 SP2R - Remove suite of products (x32 Version: 2.2.3046)
SDL Trados Studio 2009 SP3 (x32 Version: 1.3.2307.0)
SDL Trados Studio 2011 SP2R (x32 Version: 2.2.3079)
SDL Trados Synergy 2007 (x32 Version: 2.1.132.0)
SDL XLIFF Converter for Microsoft Office (x32 Version: 1.0.0)
SDLX (x32 Version: 9.2.7035)
SiSoftware Sandra Lite 2011.SP5 (Version: 17.80.2011.10)
Skype™ 6.3 (x32 Version: 6.3.107)
softOSD Client (Build 1445) (x32)
Steam (x32 Version: 1.0.0.0)
StreamTorrent 1.0 (x32)
System Requirements Lab (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
UltraISO Premium V9.36 (x32)
Unigine Heaven DX11 Benchmark 2.5 version 2.5 (x32 Version: 2.5)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Veetle TV (x32 Version: 0.9.19)
VLC media player 1.1.9 (x32 Version: 1.1.9)
vShare.tv plugin 1.3 (x32 Version: 1.3)
WIDCOMM Bluetooth Software (Version: 6.2.1.2600)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR Archivierer (x32)
Wordfast (x32)
XBMC (HKCU)
Xiph.Org Open Codecs 0.84.17359 (x32 Version: 0.84.17359)

==================== Restore Points  =========================

02-08-2013 08:39:39 Windows Update
06-08-2013 09:10:39 Windows Update
07-08-2013 23:37:36 Windows Update
08-08-2013 09:22:51 Windows Modules Installer
08-08-2013 13:41:26 Avira DE-Cleaner - 08.08.2013 14:41
08-08-2013 13:45:51 Removed Red Faction Guerrilla
09-08-2013 07:58:21 Windows Update
09-08-2013 10:30:31 Installed Java 7 Update 25 (64-bit)
09-08-2013 10:32:16 Removed Java(TM) 6 Update 14
09-08-2013 10:32:51 Removed Java(TM) 6 Update 24
09-08-2013 10:33:56 Entfernt MagicTunePremium

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-08-08 17:29 - 00434097 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {050CB4E6-51AA-47A0-9139-FA67C9B64823} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {096BDEBF-BA00-40DD-834D-623E0FAE9827} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0E9AFC25-4523-4951-9309-6F9522AC8266} - System32\Tasks\Dealply => C:\Users\takezo\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File
Task: {3AEC12E8-AA2B-46AA-ABA8-8BE1DB57A2F7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3910134369-2734785477-1122838081-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {3FEABF15-BBD2-479F-896C-54FFFF9C2627} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe No File
Task: {4D292446-79FD-4571-A06A-873D536DE552} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe No File
Task: {58A432A0-F99C-4C04-A098-54BFF6356D87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: {7D5453F1-E363-4277-BDD1-D4DB11083D3D} - System32\Tasks\{5972AF8D-CC82-419B-AFB5-A66FFDB3D837} => C:\Windows\System32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {8008DF15-EC18-46D7-80BB-40492C4D3F65} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {86284B2D-B38B-43FF-8434-94D6527D7486} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {8DC3736E-4C5B-4C99-8035-C7AB90E53262} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {9B54A048-E8D9-4527-95DF-F4DB213B211E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01] (Adobe Systems Incorporated)
Task: {AA25ED17-520D-43E0-BA3C-3421089945AF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {B7BE82A3-35C4-4E57-A266-677A4597CC4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {CE39965C-5A76-455D-94D3-5F816466EF28} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {D2E770E9-5CE3-47A2-AB97-C1DA648E1BB1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3910134369-2734785477-1122838081-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {F21148BB-A4B6-4F9C-8D9B-655F2F5A3418} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-05] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Diskettenlaufwerk
Description: Diskettenlaufwerk
Class Guid: {4d36e980-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standarddiskettenlaufwerke)
Service: flpydisk
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 11:44:52 AM) (Source: MSSQL$ACROSS) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (08/09/2013 11:44:52 AM) (Source: MSSQL$ACROSS) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (08/09/2013 11:38:00 AM) (Source: MSSQL$ACROSS) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (08/09/2013 11:38:00 AM) (Source: MSSQL$ACROSS) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (08/09/2013 11:34:07 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/09/2013 11:32:51 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/09/2013 11:32:16 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/09/2013 11:30:43 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (08/09/2013 09:32:58 AM) (Source: MSSQL$ACROSS) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (08/09/2013 09:32:58 AM) (Source: MSSQL$ACROSS) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.


System errors:
=============
Error: (08/09/2013 11:46:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/09/2013 11:46:56 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/09/2013 11:44:53 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
tvtool

Error: (08/09/2013 11:44:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NewServiceInstall1" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%193

Error: (08/09/2013 11:44:02 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (08/09/2013 11:40:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (08/09/2013 11:40:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (08/09/2013 11:38:27 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
StarOpen
tvtool

Error: (08/09/2013 11:37:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NewServiceInstall1" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%193

Error: (08/09/2013 11:37:02 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (02/18/2013 08:54:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4351 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (09/05/2012 10:03:41 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1671 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 08:37:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 675 seconds with 660 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 08:25:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 08:24:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3566 seconds with 2040 seconds of active time.  This session ended with a crash.

Error: (12/19/2011 10:48:27 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6980 seconds with 300 seconds of active time.  This session ended with a crash.

Error: (07/12/2011 04:37:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1553 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (09/24/2010 06:57:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 797 seconds with 300 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-08 17:35:46.383
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-08 16:54:15.814
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-08 16:50:06.382
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-08 16:43:53.878
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-08 16:36:09.814
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-13 13:56:19.958
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-13 13:56:19.958
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-13 13:56:19.958
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-13 13:56:19.943
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-12-13 12:21:14.261
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 4091.49 MB
Available physical RAM: 2242.85 MB
Total Pagefile: 8181.17 MB
Available Pagefile: 5895.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:317.98 GB) NTFS (Disk=0 Partition=2)
Drive d: (GRMCPRXFREO_DE_DVD) (CDROM) (Total:2.97 GB) (Free:0 GB) UDF
Drive e: (MUNEYOSHI) (Fixed) (Total:931.51 GB) (Free:650.8 GB) NTFS (Disk=1 Partition=1)
Drive f: (WINDOWS_7) (Removable) (Total:7.45 GB) (Free:1.42 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 825C8D9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 0084A3B0)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 09.08.2013, 13:13   #4
ryder
/// TB-Ausbilder
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Okay


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Browserreset mit ZOEK

Achtung! Sichere vorher deine Bookmarks und persönlichen Einstellungen!

Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
  • Starte Zoek.exe mit einem Doppelklick.
  • Klicke auch auf "Options" und wähle die folgenden Optionen aus:
    • Firefox Defaults
    • Reset Chrome
    • Shortcut Fix
    • IE Defaults
    • Reset Hosts
    • Auto Clean
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
  • Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)



Schritt 2:
Bevor es weiter geht: Besteht das Problem noch?
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 09.08.2013, 15:55   #5
Takezo64
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Ob das Problem noch besteht. kann ich im Moment noch nicht sagen, da diese Popus nur von Zeit zu Zeit auftreten. In den letzten Stunden gabe s keine
Code:
ATTFilter
Zoek.exe Version 4.0.0.4 Updated 07-August-2013
Tool run by takezo on 09.08.2013 at 15:45:57,84.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\takezo\AppData\Local\Temp\7zO4A3D.tmp\zoek.com   [Quick Scan] 

==== System Restore Info ======================

09.08.2013 15:48:08 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\takezo\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-08-09 07:58:13	5FE2CAA3CC70C1364AE7F767EAAFFF3B	6035456	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2013-08-09 07:58:12	55F50E8E3A6AFFE4708D9FDAEFDE35A9	627712	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2013-08-09 07:58:12	28D3546CC3938615DCF789B8D2021B28	11020800	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2013-08-09 07:58:12	1859C6956961159F94A5C90732E55216	2078208	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2013-08-09 07:58:11	674E88718A57589514EC2D7ABEE484AB	1231872	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2013-08-09 07:58:11	51C3407ED17F85672CDB5EF51E7A1CC5	67584	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2013-08-09 07:58:11	137FC18F3EA7AA7533210619FC88CB96	981504	----a-w-	C:\Windows\SysWOW64\wininet.dll
2013-08-09 07:58:10	7241EA6F891B5AD5F92057F3A261F2BF	48128	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2013-08-09 07:58:10	507D2E49E454733C751E8F87B6ADCA19	132096	----a-w-	C:\Windows\SysWOW64\url.dll
2013-08-09 07:58:10	417F67116DAEED871EA9D1F7C1EB04FA	1638912	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2013-08-09 07:58:10	00B32C6614B26E721325E1F4DD8AA133	176640	----a-w-	C:\Windows\SysWOW64\ieui.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-08-09 10:31:23	0AC35BFF68769FA822D1A73373F0434E	108968	----a-w-	C:\Windows\Sysnative\WindowsAccessBridge-64.dll
2013-08-09 07:58:15	24405172225C37271E31C41A9FECF9FE	9070080	----a-w-	C:\Windows\Sysnative\mshtml.dll
2013-08-09 07:58:13	C8D00FA79EFA3FCC789EE321AA76D559	12295680	----a-w-	C:\Windows\Sysnative\ieframe.dll
2013-08-09 07:58:12	FF49C4891CD5A4D4107C23E70FF49544	2458112	----a-w-	C:\Windows\Sysnative\iertutil.dll
2013-08-09 07:58:12	0F6FF32E5650E44213D8E1D09674C19F	735232	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2013-08-09 07:58:11	E300DBCB3315CBA0EFC3FB41B62EFFE2	1492992	----a-w-	C:\Windows\Sysnative\urlmon.dll
2013-08-09 07:58:11	5285BD77AD596B645150073F61EC8466	1188864	----a-w-	C:\Windows\Sysnative\wininet.dll
2013-08-09 07:58:11	0CEF6E7ED1A6A35F504ADF970E47BB1B	97792	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2013-08-09 07:58:10	BD2D47FD178F086C3D83461C37B08638	134144	----a-w-	C:\Windows\Sysnative\url.dll
2013-08-09 07:58:10	B3F8960D1109394828CDCB02DAB03725	64512	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2013-08-09 07:58:10	B1E8B5AED1AA674355A58E42091FB67A	1638912	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2013-08-09 07:58:10	98B35D338CF52256BDB6C0524A68036F	247808	----a-w-	C:\Windows\Sysnative\ieui.dll
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2013-08-01 06:41:46	CB578FACB5273AFAB6F4E2858BF81399	3190	----a-w-	C:\Windows\Sysnative\Tasks\{DB6ACCCD-48E9-4F00-8B7B-CE588F0A7996}
2013-08-01 06:41:07	CB578FACB5273AFAB6F4E2858BF81399	3190	----a-w-	C:\Windows\Sysnative\Tasks\{E11F9238-8F91-4916-BF69-1FEC8D6EC51C}
2013-08-01 06:03:13	66E1526F1D494C8ED8A5EC1D0A28507A	3238	----a-w-	C:\Windows\Sysnative\Tasks\Dealply
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-08-08 15:12:04	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-08 09:16:55	--------	d-----w-	C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-12 13:29:29	--------	d-----w-	C:\Program Files (x86)\GUM30A7.tmp
======= C: =====
2013-08-09 10:42:14	4725CBEC65D0D4A7D4B42145378EEDA6	1130	----a-w-	C:\AdwCleaner[S2].txt
2013-08-09 08:30:02	3EB4EDCFAC550EDD00509BE583910BF7	29857	----a-w-	C:\AdwCleaner[S1].txt
2013-08-09 08:28:58	3F5313E9A3195594429BB481A50AEDC8	30018	----a-w-	C:\AdwCleaner[R1].txt
====== C:\Users\takezo\AppData\Roaming ======
2013-08-01 07:00:17	2C6127FC4B8BF35D808524C36191F14F	128	----a-w-	C:\users\takezo\AppData\Roaming\Sandra.ldb
2013-08-01 06:15:16	--------	d-----w-	C:\users\takezo\AppData\Locallow\BittorrentBar_DE
2013-08-01 06:03:00	--------	d-----w-	C:\users\takezo\AppData\Roaming\MetaCrawler
====== C:\Users\takezo ======
2013-08-09 10:55:24	02BFA08B62460195950C54619E557A8A	1790169	----a-w-	C:\Users\takezo\Downloads\FRST64.exe
2013-08-09 10:29:06	510AE350849A02D4E43C80FB59D7A127	33150376	----a-w-	C:\Users\takezo\Downloads\jre-7u25-windows-x64.exe
2013-08-09 10:28:10	CB3D6925F815C86B1BF6CE41BA3EEDB2	903080	----a-w-	C:\Users\takezo\Downloads\jxpiinstall(1).exe
2013-08-09 08:36:47	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\takezo\Downloads\OTL(1).exe
2013-08-09 08:28:30	4C47469F47FD9F8437B62A86F6E0874F	666633	----a-w-	C:\Users\takezo\Downloads\adwcleaner.exe
2013-08-08 15:13:44	157F2DADD3FD886C0967AB1DE0726346	26603280	----a-w-	C:\Users\takezo\Downloads\SUPERAntiSpyware (1).exe
2013-08-08 15:12:36	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2013-08-08 09:14:19	751993D728C24C13D97890E3FDFDDEF3	282112	----a-w-	C:\Users\takezo\Downloads\Firefox Setup Stub 23.0.exe
2013-08-01 05:59:13	5739AD63C42A56F82A996E9534859BE0	655200	----a-w-	C:\Users\takezo\Downloads\setup(2).exe
2013-07-28 19:35:53	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2013-07-23 08:16:26	--------	d-----w-	C:\ProgramData\iolo

====== C: exe-files ==
2013-08-09 14:44:55	0E67ADE0936ED6B1B9F762161A5865BD	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IK05H7G.exe
2013-08-09 14:44:15	A90B805BB693E88FF7E2E89EB93CF1DD	1276495	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$RK05H7G.exe
2013-08-09 10:55:24	02BFA08B62460195950C54619E557A8A	1790169	----a-w-	C:\Users\takezo\Downloads\FRST64.exe
2013-08-09 10:33:45	07C90B494645F1A143D934139F49264A	802816	----a-w-	C:\Users\takezo\AppData\Local\Temp\{2ADE066E-67C8-459B-B0C7-58162A482604}\setup.exe
2013-08-09 10:29:06	510AE350849A02D4E43C80FB59D7A127	33150376	----a-w-	C:\Users\takezo\Downloads\jre-7u25-windows-x64.exe
2013-08-09 10:28:10	CB3D6925F815C86B1BF6CE41BA3EEDB2	903080	----a-w-	C:\Users\takezo\Downloads\jxpiinstall(1).exe
2013-08-09 08:36:47	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\takezo\Downloads\OTL(1).exe
2013-08-09 08:28:30	4C47469F47FD9F8437B62A86F6E0874F	666633	----a-w-	C:\Users\takezo\Downloads\adwcleaner.exe
2013-08-09 06:27:11	FEE1C90AF84E759CBBE45C0FA9B63012	254064	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\spybotsd2-translation-frx.exe
2013-08-09 06:25:38	0C68C4B59CEF048ADADCA4FC4EA6991A	17392	----a-w-	C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDisableProxy.exe
2013-08-08 15:13:44	157F2DADD3FD886C0967AB1DE0726346	26603280	----a-w-	C:\Users\takezo\Downloads\SUPERAntiSpyware (1).exe
2013-08-08 09:16:58	EF6E0659CE7F6C413BCBE6AE5E824FF6	106212	----a-w-	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2013-08-08 09:16:56	E6DB6C61739E18906DC2C4191F6EDEA2	117656	----a-w-	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2013-08-08 09:14:19	751993D728C24C13D97890E3FDFDDEF3	282112	----a-w-	C:\Users\takezo\Downloads\Firefox Setup Stub 23.0.exe
2013-08-08 00:56:47	ECC5739F0521210B10D312AC5D0E93E9	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IWHX9VC.exe
2013-08-08 00:56:47	DF6B24663A3A5CB623F3C591FE5618CB	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IW23D0E.exe
2013-08-08 00:56:47	CF830C5C24DE4DC359334098269D3FDB	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$ISUD5N7.exe
2013-08-08 00:56:47	CF12B09188DC8589C1AA778CBCCB4251	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I5XQ2EF.exe
2013-08-08 00:56:47	41030F375AD599B34DCB8998497B29BB	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IC9D7SI.exe
2013-08-08 00:56:47	3FBB30188B39224014CBC3F4951136EF	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IT5NHNS.exe
2013-08-08 00:56:47	3CA2E63847F8299BE6A8CF885FC8EB2D	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IQ9WTWB.exe
2013-08-08 00:56:47	36544671C7A64127CB5B253E8BC2ADB8	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IBODHBU.exe
2013-08-08 00:56:47	3220287B964DADB9B8B8D3AEF41F134B	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IMZI4F6.exe
2013-08-08 00:56:47	2DE96CF246F4288101A53B9B23888F1B	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IQ1DCYF.exe
2013-08-08 00:56:47	27E46098C11C6C8A8F98FE6B5D3BD4DD	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I15IEIV.exe
2013-08-08 00:56:47	1ED5DF90D31D98EE2ACC2092048F3CCD	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$ILU5T4H.exe
2013-08-08 00:56:47	185E6558E494FAA849E3E15D23858072	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I3JS4C1.EXE
2013-08-08 00:56:47	16241FFBAE94C8F14073E13C854EE299	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I7NTKFY.exe
2013-08-08 00:56:46	C6083ABFF211678392FA65DF912AB7AD	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IP6J4EL.exe
2013-08-08 00:56:46	6843D9FE3A3C215E77F15641EBB0509A	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IZE9SWU.exe
2013-08-08 00:56:46	11B91B98F79C3AAF2A0FA5FE89997F3E	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I8BR2W9.exe
2013-08-08 00:56:45	13186D6731CFD3C6B72D84CAF3C08109	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I18RAFN.exe
2013-08-08 00:56:44	C6E8D25C240687E2223E1E879881FD7B	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$ILUGUSM.exe
2013-08-08 00:56:44	32DDF05CCCD2821DE036F74F58AAB4AD	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I8N7YQV.exe
2013-08-08 00:56:43	BF8EA3DC203DFB9A5D46A0EF96E7C236	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I0NEFVA.exe
2013-08-08 00:56:43	62992C966C6CA6364854561706AD24B5	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IZGCZ8C.exe
2013-08-07 23:34:53	197897E3F174FE735DA956E8E13C0735	1962152	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$RN7II6N\decleaner\setup\decleaner.exe
2013-08-07 23:34:49	F84AFCDAFF36E60990B5C453A65829AA	514216	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$RN7II6N\decleaner\setup\avscan.exe
2013-08-07 23:34:47	E455A23342508B43EF65C24713F12F6F	66216	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$RN7II6N\decleaner\setup\Avira-DE-Cleaner-starten.exe
2013-08-07 23:34:07	8F1EC16BC8C8A4C6751C030A7054EA01	59560	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$RN7II6N\DE-Cleaner-Install.exe
2013-08-07 23:34:07	1DA7784423C59638B3708BBA6645FBE3	299688	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$RN7II6N\avwebloader.exe
=== C: other files ==
2013-08-08 16:01:24	C6C60D2751E091582DCA998739ED8758	4250	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip
2013-08-08 16:01:24	9E113A31409A7E4F50028D45590E6297	4254	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip
2013-08-08 16:01:23	FB778F2C1EF4D9E17A954B3A8C5F4F3D	749	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0-0001.zip
2013-08-08 16:01:23	F897A386A3D91C2E82D9D8DB99020640	814	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0 (PowerPoint)-0001.zip
2013-08-08 16:01:23	E095D4822BA2041FBD602C182F3D0397	784	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0 (Word)-0001.zip
2013-08-08 16:01:23	C515414147773993D7D83B144F95E11D	759	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0001.zip
2013-08-08 16:01:23	AB7AB3FC1CEB056DF5D9C33F4629CD58	764	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip
2013-08-08 16:01:23	77E301B1C32BCA6C867E0ED0B20B8E82	714	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0001.zip
2013-08-08 16:01:23	4BC2ECA93BAF79994EBC5CE4DAA8AB16	729	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Regedit-0001.zip
2013-08-08 16:01:23	2C0B1E24F3675A3A3915C11E839540BA	718	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Paint-0001.zip
2013-08-08 16:01:23	221D7A88F744A8DA0FF482D01751D598	789	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0 (Excel)-0001.zip
2013-08-08 16:01:23	11F6D6A6797AB63262659EEF1A20AB13	709	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0001.zip
2013-08-08 16:01:23	091ACCCCE2A15F325EC0D9E162A379EC	759	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip
2013-08-08 16:01:23	090A3B47CE25CB04E46A8668AE6BCB53	729	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Wordpad-0001.zip
2013-08-08 16:01:22	F0FE6997079E9A8DD14AB8C48FB98F52	754	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0001.zip
2013-08-08 16:01:22	C3FC94941E689C5EEBC282DAD9580625	784	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0001.zip
2013-08-08 16:01:22	B3A9FA35A3ABB66336414E927E8E68CD	734	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip
2013-08-08 16:01:22	584028518482298033DAC0163885CBB0	744	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0001.zip
2013-08-08 16:01:22	02691ECDC85D3A40D55B60FB8DA93BA9	749	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0001.zip
2013-08-08 16:01:21	B2EFE9FB92B04B43501FD27DEDC7114D	703	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\7-Zip-0001.zip
2013-08-08 16:01:21	9D7F0F14DDB7EDACA3EDA99FE9466DAB	7744	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0001.zip
2013-08-08 16:01:21	04B78D64AA3BC2F59B464EC066406019	763	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip
2013-08-08 16:01:04	46CA07DD80D51D0A6676141ABE73D5DA	4212	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip
2013-08-08 16:01:01	049998F7CDBE93711C8CF2B571D580DE	4213	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip
2013-08-08 16:01:00	3298729460101DD50C374D69C8AE62E6	764	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip
2013-08-08 16:01:00	03C1333B4150D14D86A9A6449889B629	709	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip
2013-08-08 16:00:59	0168CBD13F6C5F2B6FB0A2F88FA78801	759	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip
2013-08-08 16:00:58	CCCCF2D4E7543C0C05DE9AE5AF448AA0	714	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0000.zip
2013-08-08 16:00:58	12BE5F39F9D2CCA40A38BFEF3BEEA680	759	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip
2013-08-08 16:00:57	D54101016E11DF4E3073783276986FE4	729	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Wordpad-0000.zip
2013-08-08 16:00:57	B08B0C204D72BA3931EB69D6D3D8C1DB	729	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Regedit-0000.zip
2013-08-08 16:00:56	80914CA3EDAEA880C4769C8A9C9708B5	784	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0 (Word)-0000.zip
2013-08-08 16:00:56	0B8C2669345A95306704B6C9199A81C2	718	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Paint-0000.zip
2013-08-08 16:00:55	C0A7F84B99B923B83F525EF5DE7FFC54	814	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0 (PowerPoint)-0000.zip
2013-08-08 16:00:54	BFB475C0D061CA7B61481C2A20595E55	749	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0-0000.zip
2013-08-08 16:00:54	57F71F0AD7095043EA53CBD54E45B032	789	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Office 12.0 (Excel)-0000.zip
2013-08-08 16:00:53	F9B471F3CEE8909452ACFF72E8DDB257	749	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0000.zip
2013-08-08 16:00:53	9B4480FF314C2754C7C2C1A260F025C3	744	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip
2013-08-08 16:00:52	74DE840378B118EEFED3D62CD799854D	734	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip
2013-08-08 16:00:51	C498FEC91E961322B302DCBBD9EF1B91	753	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip
2013-08-08 16:00:50	317D2C14DE68D200F40FDA42EDD368EC	784	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip
2013-08-08 16:00:50	03CB1BAACE2E763E50C25178490AE920	47738	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adobe FlashPlayer Cookies-0000.zip
2013-08-08 16:00:49	1EE0F975E38D021578DA16194E6C69D6	764	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip
2013-08-08 16:00:41	B9D919189FBC2A07959E5DF589D96037	703	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\7-Zip-0000.zip
2013-08-08 15:59:06	0E156EEB33A268ED112F8B36B8A30372	714	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\SweetIM-0001.zip
2013-08-08 15:59:05	EF350FC9EFA5502A2191F38E5A9E224D	752	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Yontoo.Pagerage-0001.zip
2013-08-08 15:59:01	40E2C29C135EAA8164B5DA877AA2498A	753	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0001.zip
2013-08-08 15:58:48	4A73668F8EF3F5653E29C71694726078	714	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\SweetIM-0000.zip
2013-08-08 15:58:47	71BF23FD090C9EBB4E88A2A760EAFD9F	752	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Yontoo.Pagerage-0000.zip
2013-08-08 15:58:42	D93D2196C954E5E11AF475164509E986	754	----a-w-	C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0000.zip
2013-08-08 11:41:55	6F5F09B1084C09EA3FB026BA105DE4D7	143654	----a-r-	C:\Users\takezo\AppData\Local\Temp\dici_oxyval_und_re_oxyval.zip
2013-08-08 00:56:47	E1D1C6C9FBC404E28F3784BF16A0DE7C	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$ILG5QEM.bat
2013-08-08 00:56:47	C9DAB7FAECA8EEE19002D8ED8D7EDB2E	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IECV11A.bat
2013-08-08 00:56:47	BE4F28ADCED849B65303B8A9BCD7F03C	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$II6W5T0.zip
2013-08-08 00:56:47	BC294C6B78A6B3D436E04684B2FFE3C4	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I3KCWGT.zip
2013-08-08 00:56:47	9C7FAA0944343BCA3F448D39E774DF9C	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IQAMDPP.zip
2013-08-08 00:56:47	7A3E9964EC5B3748B134E0F53C9883F6	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IVMT8FU.xpi
2013-08-08 00:56:47	727366E5A41AE6BE247D3C24D5F6B127	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$I4Y2DJ7.xpi
2013-08-08 00:56:47	6A599C84D32E0B556B1367EE6AC7A06E	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IPGJ22Y.zip
2013-08-08 00:56:47	57D113F1F8B2C0C98D43210FF273CF25	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$ILICHED.xpi
2013-08-08 00:56:47	3DAEDE428D25FCFEA196997307E5A848	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IWKW8DB.xpi
2013-08-08 00:56:47	30F7DE402D82BA04BD9583C203B7145F	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IBOUKZF.zip
2013-08-08 00:56:47	2FF31D770F8813C2F38AE0E93E245732	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IDDQ7D1.zip
2013-08-08 00:56:45	5F8DF2C56A0E842885AB6AA6EFC0CDF0	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IAUQGBB.zip
2013-08-08 00:56:44	D11BDF20DF6379129D24344DD4F52005	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IJ37OXW.zip
2013-08-08 00:56:44	7E24F561E23F81A2F6C8443745FF87D9	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$IMXO7Y2.zip
2013-08-08 00:56:44	1882DC5760F4A4FE0F727F7BB535FCAD	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$ILVPLNU.zip
2013-08-07 23:34:07	3EA2DE4C7E3EEBD3A8358ACF3758FC31	2029	----a-w-	C:\$Recycle.Bin\S-1-5-21-3910134369-2734785477-1122838081-1001\$RN7II6N\Uninstall.vbs

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3910134369-2734785477-1122838081-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -scheduler"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -scheduler"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ares"="C:\Program Files (x86)\Ares\Ares.exe -h"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5.5ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS5.5ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5.5ServiceManager\\CS5.5ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoStartNPSAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoStartNPSAgent"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Samsung New PC Studio\\NPSAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BitTorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\BitTorrent\\BitTorrent.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrMfcWnd]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BrMfcWnd"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter3]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ControlCenter3"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Brother\\ControlCenter3\\brctrcen.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="eMuleAutoStart"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\eMule\\emule.exe -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndexSearch]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndexSearch"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ScanSoft\\PaperPort\\IndexSearch.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliPoint"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Device Center\\ipoint.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesAirMessage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesAirMessage"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesAirMessage.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesPreload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesPreload"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\Kies.exe /preload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KiesTrayAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KiesTrayAgent"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\KiesTrayAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MagicTuneEngine]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MagicTuneEngine"
"hkey"="HKLM"
"command"="C:\\Program Files\\MagicTune Premium\\MagicTuneLauncher.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nero\\Nero 10\\Nero BackItUp\\NBAgent.exe\" /WinStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PaperPort PTD]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PaperPort PTD"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ScanSoft\\PaperPort\\pptd40nt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSBkgdUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SSBkgdUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SUPERAntiSpyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SUPERAntiSpyware"
"hkey"="HKCU"
"command"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SwitchBoard"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VMCL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VMCL"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\vodafone\\vmclite\\DongleEnumerator.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Acrobat Assistant.lnk"
"backup"="C:\\Windows\\pss\\Acrobat Assistant.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\Adobe\\ACROBA~1.0\\Distillr\\acrotray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bluetooth.lnk"
"backup"="C:\\Windows\\pss\\Bluetooth.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\WIDCOMM\\BLUETO~1\\BTTray.exe "
"item"="Bluetooth"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.exe.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GammaTray.exe.lnk"
"backup"="C:\\Windows\\pss\\GammaTray.exe.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MAGICT~1\\GAMMAT~1.EXE "
"item"="GammaTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SDL Trados 2007 Speed Launcher.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\SDL Trados 2007 Speed Launcher.lnk"
"backup"="C:\\Windows\\pss\\SDL Trados 2007 Speed Launcher.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\SDLINT~1\\SDLTRA~1\\Synergy.exe preload"
"item"="SDL Trados 2007 Speed Launcher"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01.08.2013 06:46]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.09.2011 10:33]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.09.2011 10:33]

==== Firefox Extensions ======================

ProfilePath: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default
- Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
- Dictionary Switcher - %ProfilePath%\extensions\dictionary-switcher@design-noir.de
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Google Docs Viewer - %ProfilePath%\extensions\adonis.cuhk@gmail.com.xpi
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- GMX MailCheck - %ProfilePath%\extensions\toolbar@gmx.net.xpi
- PDF Download - %ProfilePath%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\takezo\AppData\Roaming\Mozilla\Firefox\Profiles\4hb2tzne.default
0C8597DBC74AAF5179471BA013E3C6B4	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll -	Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bgnnidmnbdkmhfkjgdnngciimpdgohok - C:\Program Files (x86)\ATDheNetTVApp.com\stv11.crx[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx[25.10.2012 13:44]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx[25.10.2012 13:44]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx[25.10.2012 13:44]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx[22.04.2013 10:26]
jfmjfhklogoienhpfnppmbcbjfjnkonk - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx[]
kpionmjnkbpcdpcflammlgllecmejgjj - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx[25.10.2012 13:44]

Kaspersky URL Advisor - takezo - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
AdBlock - takezo - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Safe Money - takezo - Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - takezo - Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - takezo - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Anti-Banner - takezo - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== EOF on 09.08.2013 at 15:53:59,76 ======================
         


Alt 09.08.2013, 18:38   #6
ryder
/// TB-Ausbilder
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Na dann hoffen wir mal.

Gut!

Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten.


Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)

Quick-Scan mit Malwarebytes
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Schritt 2:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte poste das Logfile hier oder teile mir mit, dass nichts gefunden wurde.
Hinweis: Der Scan kann sehr lange (einige Stunden) dauern!


Schritt 3:

Scan mit SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
--> Firefox öffnet websites wie serve.bannersdontwork

Alt 11.08.2013, 10:30   #7
ryder
/// TB-Ausbilder
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Hallo, benötigst Du noch weiterhin Hilfe ?

Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten.

Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Alt 13.08.2013, 12:59   #8
ryder
/// TB-Ausbilder
 
Firefox öffnet websites wie serve.bannersdontwork - Standard

Firefox öffnet websites wie serve.bannersdontwork



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst. Keine Logfiles einsenden, nur kurzer Hinweis, nachdem du deine Logfiles hier eingestellt hast.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!

Antwort

Themen zu Firefox öffnet websites wie serve.bannersdontwork
adobe, avira, bho, bonjour, desktop, ebanking, entfernen, explorer, firefox, flash player, format, gmx.net, helper, kaspersky, kaspersky internet security 2013, logfile, mozilla, nvidia, realtek, registry, security, server, software, superantispyware, tastatur, temp, windows, öffnet



Ähnliche Themen: Firefox öffnet websites wie serve.bannersdontwork


  1. Probleme mit serve.bannersdontwork.com
    Log-Analyse und Auswertung - 07.12.2013 (7)
  2. Windows 8 - serve.bannersdontwork
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (7)
  3. N°1 serve.bannersdontwork.com
    Log-Analyse und Auswertung - 26.09.2013 (7)
  4. Problem mit serve.bannersdontwork.com
    Log-Analyse und Auswertung - 25.09.2013 (4)
  5. N°2 serve.bannersdontwork.com
    Mülltonne - 25.09.2013 (1)
  6. serve.bannersdontwork.com
    Log-Analyse und Auswertung - 17.09.2013 (13)
  7. Problem mit http://serve.bannersdontwork.com
    Log-Analyse und Auswertung - 22.08.2013 (9)
  8. serve.bannersdontwork.com
    Log-Analyse und Auswertung - 15.08.2013 (15)
  9. Win7 - 64bit: Öffnen von http://serve.bannersdontwork.com/text/javascript und http://serve.bannersdontwork.com/&m=true in Firefox
    Log-Analyse und Auswertung - 13.08.2013 (17)
  10. wieder serve.bannersdontwork.com etc.
    Plagegeister aller Art und deren Bekämpfung - 04.08.2013 (16)
  11. Wie entferne ich http://serve.bannersdontwork.com/text/javascript http://serve.bannersdontwork.com/&m=true
    Log-Analyse und Auswertung - 18.06.2013 (10)
  12. IE & Firefox öffnen eigenständig Seiten http://serve.bannersdontwork.com etc.
    Log-Analyse und Auswertung - 10.06.2013 (23)
  13. Firefox öffnet automatisch attakierende Websites und weitere Kuriositäten
    Plagegeister aller Art und deren Bekämpfung - 09.02.2011 (21)
  14. Firefox Öffnet in Google falsche Links und öffnet spontan Websites in neuem Tab
    Plagegeister aller Art und deren Bekämpfung - 28.11.2010 (5)
  15. Firefox öffnet ungewollt Websites + Generic Host Problem
    Log-Analyse und Auswertung - 22.11.2010 (45)
  16. Erfolgreiche Antimalware Doctor Entfernung? Firefox öffnet selbstständig Websites
    Log-Analyse und Auswertung - 18.06.2010 (3)
  17. Firefox öffnet immer Websites
    Log-Analyse und Auswertung - 02.01.2009 (9)

Zum Thema Firefox öffnet websites wie serve.bannersdontwork - Hi! Ich hab schon diverse Scans durchgeführt, trotzdem öffnet sich von Zeit zu Zeit eine solche Seite. Ein Protokoll mit OLT hab ich erstellt. Siehe hier: OTL logfile created on: - Firefox öffnet websites wie serve.bannersdontwork...
Archiv
Du betrachtest: Firefox öffnet websites wie serve.bannersdontwork auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.