Google links/links are being redirected
Hello,
I have a problem with Google results, or rather with links in general.
My problem:
I search for something via the normal Google search and results appear. Above them are the normal Google AdWords ads. However, some of the ads are often somewhat dubious: they start with a blinking red label, "Click Free" (which does not seem to me to be a Google AdWords feature), and clicking the ad usually briefly brings up a white window with something like "The document has moved, redirecting..." at the top right. Normal search results or links (such as here in the forum) are also sometimes redirected.
I guess I have caught malware or something of that sort.
I have already googled a bit and found other posts describing the same problem. But since I don't know much about the log file programs etc., and most of the steps were tailored specifically to the respective user, I wanted to ask here again how best to proceed or how I can tackle the malware.
Yesterday I already ran a full system scan with Kaspersky, but that did not turn up anything either.
My system:
Win7 64Bit
Intel Core i7 2600K
8Gb Ram
Kaspersky Internet Security 2013
Regards, Philipp
My logs:
defogger_disable.txt Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:25 on 25/05/2013 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL.txt Code:
OTL logfile created on: 5/25/2013 11:28:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7.98 Gb Total Physical Memory | 6.30 Gb Available Physical Memory | 79.03% Memory free
15.95 Gb Paging File | 14.21 Gb Available in Paging File | 89.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1831.92 Gb Total Space | 644.20 Gb Free Space | 35.17% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 11.93 Gb Free Space | 39.76% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.21 Mb Free Space | 71.21% Space Free | Partition Type: NTFS
Computer Name: PC-PHILIPP-PÜTZ | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/25 11:27:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/06 12:30:16 | 008,219,400 | ---- | M] (AceBIT GmbH) -- C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe
PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/03/11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/03/11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/10 16:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/11/17 18:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/05 08:47:36 | 000,023,728 | ---- | M] () [Auto | Running] -- c:\Program Files\Ocster 1-Click Backup\bin\backupService-ox1c.exe -- (ocster_1clk_backup)
SRV:64bit: - [2012/04/26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2010/10/28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/05/23 18:26:30 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/18 21:00:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/04 21:53:46 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/12/29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/09/12 15:30:42 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2011/03/11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/03/11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/29 15:20:56 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/05/20 12:44:32 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013/05/20 12:44:32 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013/04/24 11:58:35 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/24 11:58:35 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/04/24 11:58:35 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013/02/25 20:02:50 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2012/12/26 16:46:26 | 000,276,256 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV:64bit: - [2012/11/09 16:33:30 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/11/09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012/11/09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/11/09 16:33:30 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2012/11/09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/11/09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/10/25 13:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 13:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/10/17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/10/08 20:52:52 | 000,031,968 | -H-- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/17 11:38:32 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011/11/14 08:11:10 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011/11/14 08:11:10 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011/11/14 08:11:10 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011/09/22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/12 15:30:42 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/29 17:46:48 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/03/11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010/09/01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/07/01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/05/20 12:30:24 | 000,030,800 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\OODrvled.sys -- (oodrvled)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/12 15:28:52 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=fa252e1200000000000000ff47ed28cd
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {353E8332-C635-4408-B21A-8D11376775F3}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=120133&babsrc=SP_ss&mntrId=fa252e1200000000000000ff47ed28cd
IE - HKCU\..\SearchScopes\{353E8332-C635-4408-B21A-8D11376775F3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_de
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{961737C4-F3E3-4849-B7EA-4A64EE3B9FCF}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{A2DC3FEF-AB4D-442c-8517-34EC6E125C8D}: "URL" = hxxp://search.webwebweb.com/search.php?query={searchTerms}&lang=de&zip=&town=&site=&country=&safe=[safe,off,strict]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledAddons: AppTabNavBGone%40FireFox:1.0
FF - prefs.js..extensions.enabledAddons: savesession%40noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7B8A6C82A1-F6C9-481a-AAE7-C96444C9A754%7D:6.2.0
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.5
FF - prefs.js..extensions.enabledAddons: SoundFrost%40helper.com:3.7.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.http: "212.88.157.205 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox6\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files (x86)\AceBIT\Password Depot 6\Firefox\ [2012/09/21 17:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/04/24 11:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox6\plugins [2013/05/23 18:26:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/29 20:44:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\SoundFrost@helper.com: C:\Program Files (x86)\SoundFrost\SoundFrost.xpi [2013/05/20 11:21:23 | 000,038,116 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox6\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox6\plugins [2013/05/23 18:26:28 | 000,000,000 | ---D | M]
[2011/04/29 18:09:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013/02/09 16:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions
[2012/04/02 11:06:18 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions\clickclean@hotcleaner.com
[2012/12/14 17:06:42 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6r5uir6n.tarnfox\extensions\ffxtlbr@babylon.com
[2013/05/23 21:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions
[2012/10/08 18:52:02 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/11/30 20:55:24 | 000,000,000 | ---D | M] (PrefBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\{8A6C82A1-F6C9-481a-AAE7-C96444C9A754}
[2012/12/14 17:06:42 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\99lhhtf4.default\extensions\ffxtlbr@babylon.com
[2013/02/09 16:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkg3fotr.FF6\extensions
[2012/12/14 17:06:42 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkg3fotr.FF6\extensions\ffxtlbr@babylon.com
[2012/03/30 13:05:12 | 000,035,695 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\facebook@disconnect.me.xpi
[2012/05/09 18:21:22 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/03/30 13:05:12 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\longurlplease@darragh.curran.xpi
[2012/05/09 19:12:45 | 000,181,880 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\stealthyextension@gmail.com.xpi
[2012/03/30 13:05:12 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\trackerblock@privacychoice.org.xpi
[2012/06/03 17:54:23 | 000,524,866 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/03/30 13:05:12 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6r5uir6n.tarnfox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/11/04 15:04:18 | 000,010,219 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\AppTabNavBGone@FireFox.xpi
[2011/11/06 19:01:39 | 000,011,238 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\autohidetabbar@tiptt.blogspot.com.xpi
[2013/04/20 19:10:50 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\compatibility@addons.mozilla.org.xpi
[2012/07/06 17:51:31 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013/01/08 22:06:42 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\isreaditlater@ideashower.com.xpi
[2011/04/29 18:52:04 | 000,013,039 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\savesession@noasobi.net.xpi
[2012/09/12 18:45:53 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\testpilot@labs.mozilla.com.xpi
[2011/09/12 18:18:09 | 000,972,420 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{3cd27e92-1a30-11da-94c6-00e08161165f}.xpi
[2013/05/02 18:01:40 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2013/05/05 18:17:49 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/17 21:30:17 | 000,117,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/12/11 20:44:51 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/08 19:59:31 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 18:29:46 | 000,395,933 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
[2011/10/29 20:48:56 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/05/23 21:07:33 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011/08/15 14:52:17 | 000,588,498 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkg3fotr.FF6\extensions\testpilot@labs.mozilla.com.xpi
[2012/12/14 17:06:43 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\searchplugins\babylon1.xml
[2013/02/09 16:40:22 | 000,001,300 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\99lhhtf4.default\searchplugins\claro.xml
[2011/09/18 20:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/20 11:21:23 | 000,038,116 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\SOUNDFROST\SOUNDFROST.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{8A6C82A1-F6C9-481A-AAE7-C96444C9A754}
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\APPTABNAVBGONE@FIREFOX.XPI
File not found (No name found) -- C:\USERS\PHILIPP PüTZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\99LHHTF4.DEFAULT\EXTENSIONS\SAVESESSION@NOASOBI.NET.XPI
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.claro-search.com/?affID=120133&babsrc=HP_ss&mntrId=fa252e1200000000000000ff47ed28cd
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: J3S cbasscfg Plugin (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\User Data\Default\Extensions\godhaonflehefmbmgmlpenkpagcplgoa\1.0.26_0\cbasscfg.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Philipp P\u00FCtz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npwachk.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox6\plugins\npyaxmpb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Voice Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.1.1_0\
CHR - Extension: Password Depot Browser Extension for Google Chrome = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkcgcjpeajeajpcpbdbgbknfaijnpdc\6.1.6_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: SoundFrost = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikglikieapkdofgcaifhkgmkclbamcm\3.7.0_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
O1 HOSTS File: ([2012/09/21 17:13:12 | 000,000,825 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn64.dll (AceBIT)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SoundFrost) - {081524f7-7ed8-43ff-b01e-915c410a9cbe} - C:\PROGRA~2\SOUNDF~1\SOUNDF~1.DLL (SoundFrost Company)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\pdIEAddOn32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Password Depot] C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Privacy Suite 12\SPMIEToolbar.dll (Steganos Software GmbH)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files (x86)\AceBIT\Password Depot 6\PasswordDepot.exe (AceBIT GmbH)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3670E1BA-272C-4AD6-9B24-F5090D9A727D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D49D72A-73C8-416F-AC56-5057BACB0B4C}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E3C0950-82AC-4CA4-BA5C-5553F4EADEF1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBCBA93C-83CE-4B24-8FCB-CC70CDAD0B93}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/14 17:51:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05e8ea0b-7e29-11e0-af12-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{05e8ea0b-7e29-11e0-af12-1078d2eb1e44}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{6a77913d-a27c-11e0-9d4d-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{6a77913d-a27c-11e0-9d4d-1078d2eb1e44}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{c55c6e51-7275-11e0-ad08-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{c55c6e51-7275-11e0-ad08-1078d2eb1e44}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e919b4df-3d1c-11e1-a765-1078d2eb1e44}\Shell - "" = AutoRun
O33 - MountPoints2\{e919b4df-3d1c-11e1-a765-1078d2eb1e44}\Shell\AutoRun\command - "" = Z:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/25 11:27:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/05/24 14:07:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/23 18:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox6
[2013/05/20 12:44:32 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013/05/20 12:44:32 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013/05/20 12:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2013/05/20 12:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2013/05/20 12:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/05/20 12:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2013/05/20 12:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/05/20 11:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundFrost
[2013/05/20 11:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoundFrost
[2013/05/19 13:36:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0BF64BBD-B97F-44D1-8462-1601E5CF4927}
[2013/05/18 21:48:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D0A5BD75-6024-4A3B-96DC-EBFF85F5EFB9}
[2013/05/17 21:21:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kursfahrt London 2013
[2013/05/11 12:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ocster 1-Click Backup
[2013/05/02 19:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NSS
[2013/05/02 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSS
[2013/05/01 11:27:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Religion
[2013/04/28 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Leawo
[2013/04/28 10:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013/04/28 10:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013/04/28 10:42:38 | 000,606,208 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013/04/28 10:42:38 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2013/04/28 10:42:38 | 000,139,264 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013/04/28 10:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2011/05/19 00:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\vbalTreeView6.ocx
[2011/05/19 00:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\cPopMenu6.ocx
[2011/05/19 00:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Program Files (x86)\SSubTmr6.dll
[2011/05/18 23:56:23 | 000,266,240 | ---- | C] (vbAccelerator) -- C:\Program Files\vbalTreeView6.ocx
[2011/05/18 23:56:23 | 000,122,880 | ---- | C] (vbAccelerator) -- C:\Program Files\cPopMenu6.ocx
[2011/05/18 23:56:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Program Files\SSubTmr6.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/05/25 11:27:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013/05/25 11:25:54 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013/05/25 11:25:25 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013/05/25 11:22:01 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749649401-1888572752-1075402513-1000UA.job
[2013/05/25 10:42:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/25 10:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 10:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 10:34:50 | 001,800,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/25 10:34:50 | 000,763,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/05/25 10:34:50 | 000,718,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/25 10:34:50 | 000,173,390 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/05/25 10:34:50 | 000,146,344 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/25 10:27:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/25 10:27:15 | 2128,744,447 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/24 22:20:23 | 000,010,644 | ---- | M] () -- C:\Windows\SysNative\log.xml
[2013/05/24 22:20:23 | 000,000,008 | ---- | M] () -- C:\Windows\SysNative\log-suffix.xml
[2013/05/24 18:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749649401-1888572752-1075402513-1000Core.job
[2013/05/24 14:53:18 | 075,187,200 | ---- | M] () -- C:\Users\***\backup.pst
[2013/05/21 18:24:34 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2013/05/20 12:49:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/05/20 12:49:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/05/20 12:44:32 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2013/05/20 12:44:32 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2013/05/20 11:21:24 | 000,000,306 | RHS- | M] () -- C:\Users\***\ntuser.pol
[2013/05/18 20:55:53 | 000,356,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/17 21:16:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/17 21:16:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/11 12:00:35 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Ocster 1-Click Backup.lnk
[2013/05/02 19:38:04 | 000,000,070 | ---- | M] () -- C:\Windows\SysWow64\NSS.ini
[2013/05/01 18:46:07 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/05/25 11:25:54 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013/05/25 11:25:25 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013/05/20 12:49:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2013/05/20 12:49:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2013/05/20 11:21:24 | 000,000,306 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2013/05/11 12:00:35 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Ocster 1-Click Backup.lnk
[2013/05/02 19:19:05 | 000,000,070 | ---- | C] () -- C:\Windows\SysWow64\NSS.ini
[2013/04/02 16:03:17 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\CIUtils.dll
[2013/02/02 13:50:47 | 000,000,625 | ---- | C] () -- C:\Users\***\jshrink.ini
[2013/01/21 19:21:30 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\STGRAMDiskHandler64.ini
[2012/12/14 17:06:36 | 000,000,364 | ---- | C] () -- C:\Windows\wininit.ini
[2012/12/14 17:05:46 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012/12/14 16:39:05 | 000,000,050 | ---- | C] () -- C:\Users\***\.j2e
[2012/12/11 15:49:57 | 000,000,851 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012/12/10 18:39:30 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/12/05 18:47:18 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012/10/17 19:39:04 | 000,000,155 | ---- | C] () -- C:\Users\***\.appletviewer
[2012/09/28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012/09/21 17:06:44 | 000,003,072 | ---- | C] () -- C:\Users\***\AppData\Local\file__0.localstorage
[2012/05/13 17:32:28 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012/03/22 16:52:45 | 000,000,725 | ---- | C] () -- C:\Users\***\*** - Verknüpfung.lnk
[2012/03/02 20:51:48 | 000,823,296 | ---- | C] () -- C:\Windows\j3dcore-d3d.dll
[2012/03/02 20:51:48 | 000,163,840 | ---- | C] () -- C:\Windows\j3dcore-ogl.dll
[2012/03/02 20:51:48 | 000,049,152 | ---- | C] () -- C:\Windows\j3dcore-ogl-chk.dll
[2012/03/02 20:51:48 | 000,040,960 | ---- | C] () -- C:\Windows\j3dcore-ogl-cg.dll
[2011/12/11 13:52:54 | 000,000,007 | ---- | C] () -- C:\Program Files\amsd20.dat
[2011/11/07 19:12:43 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011/09/01 17:42:19 | 000,000,849 | ---- | C] () -- C:\Users\***\SciTE.session
[2011/08/30 17:12:14 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011/08/29 17:08:59 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2011/07/16 20:44:10 | 001,777,024 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/06 14:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011/06/29 20:36:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/06/29 20:36:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/06/29 20:36:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/06/29 20:25:52 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/06/29 20:22:55 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/06/29 20:22:55 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011/06/29 20:22:55 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011/05/13 21:18:55 | 000,000,077 | ---- | C] () -- C:\Users\***\Lizenz.omegakey
[2011/04/30 20:26:37 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011/04/30 20:06:22 | 000,000,936 | ---- | C] () -- C:\Users\***\Konten speicherung.OPS - Verknüpfung.lnk
[2011/04/30 18:39:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/30 17:19:20 | 075,187,200 | ---- | C] () -- C:\Users\***\backup.pst
[2011/04/05 18:38:08 | 002,595,740 | ---- | C] () -- C:\Users\***\Powerpoint.zip
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/12/26 20:27:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012/11/09 21:22:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7-PDFSplitMerge
[2012/09/21 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT
[2012/12/31 19:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AllDup
[2011/07/16 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AntiBrowserSpy 2009
[2011/12/12 14:48:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apowersoft
[2013/01/15 15:51:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011/12/27 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012/12/14 17:05:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2011/12/11 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CBL-Electronics
[2011/05/01 15:34:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD Mein-Datensafe
[2011/05/22 15:39:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2012/02/16 17:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COMPUTERBILD-Abzockschutz Premium
[2011/06/29 20:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\concept design
[2011/12/08 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeskSoft
[2012/12/14 18:50:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2011/10/28 17:47:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Digiarty
[2012/04/15 20:20:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Duden
[2012/09/09 18:42:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012/09/09 19:09:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/12/20 12:00:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Easy Macro Recorder
[2013/03/02 21:11:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Expert PDF 8
[2013/02/09 16:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2013/05/22 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2012/07/20 15:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\getleft
[2011/04/30 15:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2012/04/23 15:35:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012/06/18 18:58:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICSharpCode
[2011/07/17 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iMaxGen
[2013/02/05 16:00:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012/09/06 17:34:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JavaEditor
[2011/04/29 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012/08/27 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2013/03/17 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Landscape Filter
[2012/12/08 12:35:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011/07/17 16:59:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Meridian93
[2011/11/08 21:05:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mintext
[2012/09/09 19:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011/12/05 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeoDownloader
[2013/05/25 11:39:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2012/07/29 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011/06/15 20:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012/05/06 16:55:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2012/06/18 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NuGet
[2012/12/14 17:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2012/04/15 19:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OfficeRecovery
[2013/04/12 19:03:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012/01/27 19:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012/05/13 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2011/08/10 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012/12/19 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Experte 8
[2012/12/10 18:39:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayClaw4
[2011/04/30 16:46:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2011/06/04 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D
[2011/12/15 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scanahand
[2011/06/24 19:09:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Informer
[2011/08/07 11:22:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2011/05/30 18:38:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Startpage24
[2011/11/04 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steganos
[2011/12/08 15:27:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2011/11/25 19:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TagTuner
[2013/02/25 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tenable
[2012/01/30 22:47:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2013/04/01 14:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012/12/10 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011/11/21 14:39:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\URSoft
[2012/04/28 21:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net
[2012/12/03 20:37:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012/12/12 12:54:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wondershare
[2012/04/15 19:28:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 193 bytes -> C:\ProgramData\Temp:EEDA5B17
@Alternate Data Stream - 166 bytes -> C:\ProgramData\Temp:C39AA0B1
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51
< End of report >
PS: I hope I'm in the right subforum this time.