| 
 ungewöhnlicher Datentransfer
 Hello again! 
Leider brauche ich schon wieder Eure fachliche Hilfe.  
Ich bilde mir ein, daß mein PC seit kurzem langsamer ist als sonst und wenn ich versuche, über meinen TOR Browser ins Netz zu gehen, muß ich wegen ungewöhnlichem Datentransfer ein Captcha ausfüllen. Kaspersky und MBam finden allerdings nichts.  
Ich hoffe, ich habe nichts falsch gemacht, aber ich habe einfach schon einmal die ersten Schritten des letzten Males wiederholt, damit ich Euch ein paar Logs zeigen kann.    Code: 
 OTL Extras logfile created on: 13.09.2013 20:58:17 - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads
 Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18702)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1,97 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,82% Memory free
 3,82 Gb Paging File | 3,07 Gb Available in Paging File | 80,35% Paging File free
 Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
 Drive C: | 76,69 Gb Total Space | 7,68 Gb Free Space | 10,01% Space Free | Partition Type: NTFS
 Drive D: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 Drive E: | 76,68 Gb Total Space | 7,38 Gb Free Space | 9,63% Space Free | Partition Type: NTFS
 
 Computer Name: XXX | User Name: ich | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: All users
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
 [HKEY_USERS\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Classes\<extension>]
 .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 ========== Shell Spawning ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
 batfile [open] -- "%1" %*
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 exefile [open] -- "%1" %*
 htmlfile [edit] -- Reg Error: Key error.
 https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
 InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
 Directory [1a-farbbilder-Fotowelt] -- "C:\Programme\1a-farbbilder\1a-farbbilder-Fotowelt\1a-farbbilder-Fotowelt.exe" "%1" ()
 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
 Directory [CEWE FOTOSCHAU] -- "C:\Programme\1a-farbbilder\1a-farbbilder-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [Mein CEWE FOTOBUCH] -- "E:\Programme\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
 Directory [OpenAsAWebSite] -- C:\Programme\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
 Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
 Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
 Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
 Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
 Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
 Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 "FirstRunDisabled" = 1
 "AntiVirusDisableNotify" = 0
 "FirewallDisableNotify" = 0
 "UpdatesDisableNotify" = 0
 "AntiVirusOverride" = 0
 "FirewallOverride" = 0
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
 ========== System Restore Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
 "DisableSR" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
 "Start" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
 "Start" = 2
 
 ========== Firewall Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 "EnableFirewall" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 ========== Authorized Applications List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
 "C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 "C:\Programme\Microsoft Games\Age of Empires Online\Spartan.exe" = C:\Programme\Microsoft Games\Age of Empires Online\Spartan.exe:*:Enabled:Age of Empires Online -- (Microsoft Studios)
 "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
 
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
 "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
 "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
 "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
 "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
 "{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}" = MySQL Connector/ODBC 5.1
 "{3B2BEBFF-32B8-471D-9422-039A8F19C87E}" = Microsoft WebMatrix
 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
 "{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
 "{433E2032-D3E0-46FF-BAA4-0976F333C1E4}" = IIS 7.5 Express
 "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
 "{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
 "{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
 "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
 "{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
 "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
 "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.78
 "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
 "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
 "{76FAE3C6-F0F2-43D3-9D94-C2AD772C2326}" = Webtools von Microsoft SQL Server Compact 4.0 DEU
 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
 "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
 "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
 "{920DF926-D85A-4ED9-8F4D-7D98F0EAF2C6}" = CEWE FOTOBUCH PRO
 "{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
 "{A39DAD32-3515-438D-8617-F8AE2A301031}" = Nero 8
 "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
 "{B692E59A-055C-43B7-BE0A-9C2FE0AB88B6}" = Microsoft SQL Server 2008 R2 Management Objects
 "{BE7DB168-4B8C-11D4-A5A5-00105A13D95C}" = KISS Psycho Circus - The Nightmare Child
 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
 "{C9B227BD-3CAD-430D-A036-6B9B3AA2341F}_is1" = Jewel Master - Collector's Edition
 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
 "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
 "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
 "{EA61F81B-5754-4B5A-9BC5-FFEDC29D1DBC}" = Microsoft SQL Server Compact 4.0 DEU
 "{EBDDD05E-EBCF-40FF-9BBD-C3E099A2B684}" = Intel(R) Network Connections 16.2.49.0
 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "{FB1AC1F1-8F47-4DCE-A1ED-0DFBA0F455B4}" = Driver Mender
 "1a-farbbilder-Fotowelt" = 1a-farbbilder-Fotowelt
 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
 "Age of Empires 2.0" = Microsoft Age of Empires II
 "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
 "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2
 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
 "AnyDVD" = AnyDVD
 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
 "AVMWLANCLI" = AVM FRITZ!WLAN
 "CCleaner" = CCleaner
 "CloneDVD" = CloneDVD
 "Creative Launcher" = Creative Launcher
 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
 "FileZilla Client" = FileZilla Client 3.7.3
 "Free Audio Converter_is1" = Free Audio Converter version 2.3.4.920
 "Free Studio_is1" = Free Studio version 5.2.0
 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.5.628
 "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
 "HDMI" = Intel(R) Graphics Media Accelerator Driver
 "HDR projects elements_is1" = HDR projects elements (32-Bit)
 "ie8" = Windows Internet Explorer 8
 "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
 "Jewel Quest III" = Jewel Quest III (nur deinstallation)
 "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
 "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 "Mozilla Firefox 23.0 (x86 de)" = Mozilla Firefox 23.0 (x86 de)
 "Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de)
 "MozillaMaintenanceService" = Mozilla Maintenance Service
 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
 "New LEGO Digital Designer" = LEGO Digital Designer
 "Opera 12.16.1860" = Opera 12.16
 "S2TNG" = Die Siedler II - Die nächste Generation
 "Secunia PSI" = Secunia PSI (3.0.0.6005)
 "Sound Blaster Live! Value" = Sound Blaster Live! Value
 "SpywareBlaster_is1" = SpywareBlaster 5.0
 "Um die Welt in 80 Tagen_is1" = Um die Welt in 80 Tagen 1.0
 "UnityWebPlayer" = Unity Web Player (All users)
 "Unlocker" = Unlocker 1.9.1
 "VLC media player" = VLC media player 2.0.8
 "Winamp" = Winamp
 "Windows Media Format Runtime" = Windows Media Format 11 runtime
 "Windows Media Player" = Windows Media Player 11
 "WinLiveSuite_Wave3" = Windows Live Essentials
 "WinRAR archiver" = WinRAR 4.00 (32-Bit)
 "WMFDist11" = Windows Media Format 11 runtime
 "wmp11" = Windows Media Player 11
 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 "xampp" = XAMPP 1.7.7
 
 ========== HKEY_USERS Uninstall List ==========
 
 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Opera 16.0.1196.62" = Opera Stable 16.0.1196.62
 
 ========== HKEY_USERS Uninstall List ==========
 
 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Opera 16.0.1196.62" = Opera Stable 16.0.1196.62
 
 ========== HKEY_USERS Uninstall List ==========
 
 [HKEY_USERS\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 "Dropbox" = Dropbox
 "New LEGO Digital Designer" = LEGO Digital Designer
 "Winamp Detect" = Winamp Erkennungs-Plug-in
 
 ========== Last 20 Event Log Errors ==========
 
 [ Application Events ]
 Error - 11.08.2013 10:03:52 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 13.08.2013 13:53:32 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung psi.exe, Version 3.0.0.6005, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 18.08.2013 06:23:44 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung tbb-firefox.exe, Version 17.0.7.4920, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 18.08.2013 06:23:45 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung tbb-firefox.exe, Version 17.0.7.4920, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 18.08.2013 09:16:54 | Computer Name = XXX | Source = Application Error | ID = 1000
 Description = Fehlgeschlagene Anwendung tbb-firefox.exe, Version 17.0.7.4920, fehlgeschlagenes
 Modul nspr4.dll, Version 4.9.5.0, Fehleradresse 0x0002a69a.
 
 Error - 20.08.2013 17:01:05 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 24.08.2013 14:50:51 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung opera.exe, Version 12.16.1860.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 25.08.2013 11:52:33 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung Paint Shop Pro X.exe, Version 10.0.0.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 31.08.2013 14:10:27 | Computer Name = XXX | Source = Application Hang | ID = 1002
 Description = Stillstehende Anwendung winamp.exe, Version 5.6.3.3234, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
 Error - 10.09.2013 14:08:44 | Computer Name = XXX | Source = MsiInstaller | ID = 11722
 Description = Product: Adobe Flash Player 11 ActiveX -- Error 1722.There is a problem
 with this Windows Installer package. A program run as part of the setup did not
 finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1,
 location: C:\WINDOWS\TEMP\InstallAX_11_8_800_94.exe, command: -install -msi
 
 [ System Events ]
 Error - 13.09.2013 14:05:19 | Computer Name = XXX | Source = sr | ID = 1
 Description = Beim Verarbeiten der Datei "SMR162.SYS" auf Volume "HarddiskVolume2"
 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000243" aufgetreten.
 Die Volumeüberwachung wurde angehalten.
 
 Error - 13.09.2013 14:07:26 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde nicht ordnungsgemäß
 gestartet.
 
 Error - 13.09.2013 14:07:26 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
 lkbdhlpr
 
 Error - 13.09.2013 14:08:04 | Computer Name = XXX | Source = HTTP | ID = 15005
 Description = Der zugrunde liegende Transport für 0.0.0.0:80 kann nicht gebunden
 werden. Möglicherweise enthält die Liste nur zum Abhören von IP einen Verweis auf
 eine Schnittstelle, die gegebenenfalls auf diesem Computer nicht vorhanden ist.
 Das Datenfeld enthält die Fehlernummer.
 
 Error - 13.09.2013 14:08:11 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde mit folgendem Fehler
 beendet:   %%2148734208
 
 Error - 13.09.2013 14:09:37 | Computer Name = XXX | Source = Service Control Manager | ID = 7024
 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: 1 (0x1).
 
 Error - 13.09.2013 14:13:24 | Computer Name = XXX | Source = Service Control Manager | ID = 7022
 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde nicht ordnungsgemäß
 gestartet.
 
 Error - 13.09.2013 14:13:24 | Computer Name = XXX | Source = Service Control Manager | ID = 7026
 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
 lkbdhlpr
 
 Error - 13.09.2013 14:13:42 | Computer Name = XXX | Source = HTTP | ID = 15005
 Description = Der zugrunde liegende Transport für 0.0.0.0:80 kann nicht gebunden
 werden. Möglicherweise enthält die Liste nur zum Abhören von IP einen Verweis auf
 eine Schnittstelle, die gegebenenfalls auf diesem Computer nicht vorhanden ist.
 Das Datenfeld enthält die Fehlernummer.
 
 Error - 13.09.2013 14:13:48 | Computer Name = XXX | Source = Service Control Manager | ID = 7023
 Description = Der Dienst "Webbereitstellungs-Agent-Dienst" wurde mit folgendem Fehler
 beendet:   %%2148734208
 
 
 < End of report >
  Code: 
 OTL logfile created on: 13.09.2013 20:58:17 - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads
 Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18702)
 Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
 1,97 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,82% Memory free
 3,82 Gb Paging File | 3,07 Gb Available in Paging File | 80,35% Paging File free
 Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
 Drive C: | 76,69 Gb Total Space | 7,68 Gb Free Space | 10,01% Space Free | Partition Type: NTFS
 Drive D: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 Drive E: | 76,68 Gb Total Space | 7,38 Gb Free Space | 9,63% Space Free | Partition Type: NTFS
 
 Computer Name: XXX | User Name: ich | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: All users
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - [2013.09.13 20:56:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ich\Eigene Dateien\Downloads\OTL.exe
 PRC - [2013.06.27 18:37:43 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
 PRC - [2013.04.17 23:18:55 | 000,422,632 | ---- | M] (BillP Studios) -- C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe
 PRC - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
 PRC - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
 PRC - [2013.02.07 14:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
 PRC - [2012.10.31 19:46:45 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
 PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- E:\xampp\apache\bin\httpd.exe
 PRC - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- e:\xampp\apache\bin\httpd.exe
 PRC - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () -- e:\xampp\mysql\bin\mysqld.exe
 PRC - [2011.06.07 21:29:16 | 000,630,272 | ---- | M] (FileZilla Project) -- e:\xampp\FileZillaFTP\FileZillaServer.exe
 PRC - [2011.02.28 14:19:34 | 000,109,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\IPROSetMonitor.exe
 PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe
 PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
 PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
 PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 PRC - [2006.07.31 04:02:00 | 000,370,756 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe
 PRC - [2004.03.18 09:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\iTouch\iTouch.exe
 PRC - [2003.07.07 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE
 PRC - [2002.07.02 17:56:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
 PRC - [2001.08.18 05:54:48 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
 PRC - [1998.07.16 01:00:00 | 000,191,488 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE
 
 
 ========== Modules (No Company Name) ==========
 
 MOD - [2013.08.07 21:25:24 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
 MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Programme\BillP Studios\WinPatrol\sqlite3.dll
 MOD - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () -- e:\xampp\mysql\bin\mysqld.exe
 MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
 MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
 MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
 MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
 MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
 MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
 MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
 MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll
 MOD - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe
 
 
 ========== Services (SafeList) ==========
 
 SRV - [2013.09.10 21:07:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
 SRV - [2013.08.25 17:41:37 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
 SRV - [2013.06.27 18:37:43 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
 SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
 SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
 SRV - [2012.10.31 19:46:45 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
 SRV - [2011.09.10 11:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- e:\xampp\apache\bin\httpd.exe -- (Apache2.2)
 SRV - [2011.09.09 19:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- e:\xampp\mysql\bin\mysqld.exe -- (mysql)
 SRV - [2011.06.07 21:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Auto | Running] -- e:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
 SRV - [2011.04.01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
 SRV - [2011.02.28 14:19:34 | 000,109,728 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\IPROSetMonitor.exe -- (Intel(R)
 SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
 SRV - [2007.08.21 14:52:54 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
 SRV - [2006.07.31 04:02:00 | 000,370,756 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
 DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
 DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
 DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
 DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
 DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
 DRV - File not found [File_System | System | Stopped] -- System32\Drivers\lkbdhlpr.sys -- (lkbdhlpr)
 DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
 DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
 DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
 DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\ich\LOKALE~1\Temp\catchme.sys -- (catchme)
 DRV - [2013.09.13 20:07:28 | 000,076,920 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR162.SYS -- (SMR162)
 DRV - [2013.02.07 14:15:22 | 000,016,024 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys -- (PSI)
 DRV - [2011.08.26 19:24:09 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
 DRV - [2011.04.20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
 DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
 DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
 DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
 DRV - [2010.09.14 18:00:32 | 006,143,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
 DRV - [2009.12.18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
 DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
 DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
 DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
 DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
 DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
 DRV - [2006.07.31 04:02:00 | 000,264,704 | R--- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
 DRV - [2004.03.10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
 DRV - [2004.03.03 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lhidusb.sys -- (LHidUsb)
 DRV - [2003.09.29 22:32:59 | 000,022,912 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
 DRV - [2003.06.30 09:50:00 | 000,072,894 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
 DRV - [2003.06.30 09:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
 DRV - [2003.06.30 09:50:00 | 000,025,214 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
 DRV - [2003.03.28 17:25:51 | 000,003,840 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
 DRV - [2002.07.19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
 DRV - [2002.07.19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
 DRV - [2002.07.19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
 DRV - [2002.07.19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
 DRV - [2001.08.17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman)
 DRV - [2001.08.17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1)
 DRV - [2001.08.17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k)
 DRV - [2001.08.17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\..\SearchScopes,DefaultScope =
 
 
 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
 IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 IE - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.startup.homepage: "https://dl.dropboxusercontent.com/u/20374210/DVD-Sammlung/1_DVD-Sammlung.htm"
 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
 FF - user.js - File not found
 
 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
 FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2013.09.13 20:11:29 | 000,000,000 | ---D | M]
 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Programme\Microsoft\Web Platform Installer\\npwpidetector.dll ()
 FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Programme\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
 FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 19:47:19 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 19:47:19 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 19:47:19 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.09.12 18:59:23 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.08.06 19:52:03 | 000,000,000 | ---D | M]
 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
 [2011.05.17 15:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions
 [2011.05.17 15:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 [2013.01.19 16:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions
 [2012.04.18 22:25:08 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
 [2012.04.18 22:25:06 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
 [2012.04.18 22:25:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
 [2012.04.18 22:25:11 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
 [2012.04.18 22:25:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
 [2012.04.18 22:25:11 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
 [2012.04.19 18:41:59 | 000,521,968 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\ich\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
 [2013.09.03 20:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 [2013.09.03 20:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
 [2013.09.03 20:14:47 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
 [2013.09.03 20:14:48 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
 [2013.09.13 20:18:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
 [2013.09.13 20:18:58 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 [2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
 
 O1 HOSTS File: ([2013.04.22 17:56:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
 O1 - Hosts: 127.0.0.1       localhost
 O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
 O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
 O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
 O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
 O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
 O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
 O4 - HKLM..\Run: [AudioHQ] C:\Programme\Creative\SBLive\AudioHQ\AHQTB.EXE (Creative Technology Ltd.)
 O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
 O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
 O4 - HKLM..\Run: [CloneDVDElbyDelay] C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe (Elaborate Bytes AG)
 O4 - HKLM..\Run: [DevconDefaultDB] C:\WINDOWS\READREG.exe (Creative Technology Limited)
 O4 - HKLM..\Run: [ElbyCheckAnyDVD] C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe (Elaborate Bytes AG)
 O4 - HKLM..\Run: [Jet Detection] C:\Programme\Creative\SBLive\Program\ADGJDet.exe ()
 O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
 O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
 O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
 O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
 O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe ()
 O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
 O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
 O4 - HKLM..\Run: [WinPatrol] C:\Programme\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
 O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.)
 O4 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
 O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
 O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
 O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
 O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
 O7 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
 O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
 O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
 O15 - HKU\S-1-5-21-329068152-1958367476-1177238915-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367309301468 (MUWebControl Class)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
 O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
 O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61424811-3BDF-4320-B251-79142E7C3D97}: DhcpNameServer = 192.168.178.1
 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
 O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
 O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
 O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
 O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2011.05.16 12:35:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
 O32 - AutoRun File - [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.) - D:\Autorun.exe -- [ CDFS ]
 O32 - AutoRun File - [2006.10.17 17:24:41 | 000,000,041 | RH-- | M] () - D:\autorun.inf -- [ CDFS ]
 O32 - AutoRun File - [2006.12.21 21:48:13 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
 O34 - HKLM BootExecute: (autocheck autochk *)
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = ComFile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
 O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
 ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
 ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
 ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
 ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
 ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
 ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
 ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
 ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
 ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
 ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
 ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
 ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
 ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
 ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
 ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
 ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
 ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
 ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
 ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
 ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
 ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
 ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
 ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
 ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
 ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
 ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
 ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
 
 CREATERESTOREPOINT
 Restore point Set: OTL Restore Point
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2013.09.13 20:07:28 | 000,076,920 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR162.SYS
 [2013.09.12 20:48:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
 [2013.09.03 20:14:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
 [2013.08.28 18:43:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Programs
 [1 C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp -> ]
 
 ========== Files - Modified Within 30 Days ==========
 
 [2013.09.13 21:06:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
 [2013.09.13 21:06:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
 [2013.09.13 21:06:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
 [2013.09.13 20:19:20 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
 [2013.09.13 20:11:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
 [2013.09.13 20:10:57 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
 [2013.09.13 20:10:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
 [2013.09.13 20:07:28 | 000,076,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR162.SYS
 [2013.09.12 20:54:37 | 000,481,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 [2013.09.12 20:06:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 [2013.09.12 18:44:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
 [2013.09.09 19:39:27 | 000,001,004 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
 [2013.08.25 17:25:04 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\ich\Desktop\Dropbox.lnk
 [2013.08.23 18:43:15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
 [2013.08.20 18:38:26 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
 [1 C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\ich\Eigene Dateien\*.tmp -> ]
 
 ========== Files Created - No Company Name ==========
 
 [2012.06.13 19:10:47 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
 [2012.02.12 12:39:40 | 000,000,518 | ---- | C] () -- C:\WINDOWS\wiso.ini
 [2011.08.28 00:12:12 | 000,362,078 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-329068152-1958367476-1177238915-1003-0.dat
 [2011.05.30 19:14:32 | 000,103,444 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\default.pls
 [2011.05.22 22:49:22 | 000,362,078 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
 [2011.05.18 22:04:45 | 000,140,288 | ---- | C] () -- C:\Dokumente und Einstellungen\ich\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
 ========== ZeroAccess Check ==========
 
 [2011.05.20 19:22:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
 [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 "" = %SystemRoot%\system32\shdocvw.dll -- [2011.02.17 15:51:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Apartment
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Free
 
 [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
 "ThreadingModel" = Both
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
 
 < End of report >
  Code: 
 GMER 2.1.19163 - hxxp://www.gmer.netRootkit scan 2013-09-13 22:44:06
 Windows 5.1.2600 Service Pack 3 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c HDS722580VLAT20 rev.V32OA60A 76,69GB
 Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\ich\LOKALE~1\Temp\awliykog.sys
 
 
 ---- System - GMER 2.1 ----
 
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0xA8438FBA]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwClose [0xA84398B4]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwConnectPort [0xA8452AEE]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateEvent [0xA8439E26]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateMutant [0xA8439D14]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreatePort [0xA8452E06]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateProcess [0xA843A056]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateProcessEx [0xA843A21E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateSection [0xA8438D76]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateSemaphore [0xA8439F3E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateThread [0xA84395E6]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0xA8452ECE]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0xA843A53C]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDeleteKey [0xA844D084]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDeleteValueKey [0xA844E88E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0xA84398F6]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDuplicateObject [0xA843B53C]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateKey [0xA844E088]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateValueKey [0xA844EA38]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadDriver [0xA843A62E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadKey [0xA844DBC0]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadKey2 [0xA844DE1C]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwMapViewOfSection [0xA843AB9A]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwNotifyChangeKey [0xA845130A]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenEvent [0xA8439EB8]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenMutant [0xA8439DA0]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenProcess [0xA84391F4]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenSection [0xA843A97E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenSemaphore [0xA8439FD0]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenThread [0xA84390E8]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryKey [0xA844CEB8]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryMultipleValueKey [0xA844E698]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryObject [0xA8451500]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQuerySection [0xA843AEC0]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryValueKey [0xA844E488]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueueApcThread [0xA843A7CE]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRenameKey [0xA844D198]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplaceKey [0xA844D80C]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplyPort [0xA8453048]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0xA8452F96]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0xA84530B4]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRestoreKey [0xA844DA14]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwResumeThread [0xA843B3DE]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSaveKey [0xA844D33E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSaveKeyEx [0xA844D4D4]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSaveMergedKeys [0xA844D670]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSecureConnectPort [0xA8452C76]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetContextThread [0xA8439756]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetInformationToken [0xA843A3E8]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetSystemInformation [0xA843B010]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetValueKey [0xA844E248]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSuspendProcess [0xA843B104]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSuspendThread [0xA843B23E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSystemDebugControl [0xA843A45E]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwTerminateProcess [0xA8439392]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwTerminateThread [0xA84392EA]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0xA843AD78]
 SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0xA843947C]
 
 Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  FsRtlCheckLockForReadAccess
 Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  IoIsOperationSynchronous
 
 ---- Kernel code sections - GMER 2.1 ----
 
 .text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                               804EA000 5 Bytes  JMP A842B9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
 .text           ntkrnlpa.exe!IoIsOperationSynchronous                                                  804EE8DE 5 Bytes  JMP A842BDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
 .text           ntkrnlpa.exe!ZwCallbackReturn + 24DC                                                   80501D38 12 Bytes  [06, 2E, 45, A8, 56, A0, 43, ...]
 .text           ntkrnlpa.exe!ZwCallbackReturn + 2528                                                   80501D84 8 Bytes  [8E, E8, 44, A8, F6, 98, 43, ...]
 .text           ntkrnlpa.exe!ZwCallbackReturn + 2548                                                   80501DA4 4 Bytes  JMP 9384A844
 .text           ntkrnlpa.exe!ZwCallbackReturn + 25A8                                                   80501E04 12 Bytes  [2E, A6, 43, A8, C0, DB, 44, ...]
 .text           ntkrnlpa.exe!ZwCallbackReturn + 2624                                                   80501E80 4 Bytes  CALL DAF86215
 .text           ...
 
 ---- User code sections - GMER 2.1 ----
 
 .text           C:\WINDOWS\Explorer.EXE[652] SHELL32.dll!SHFileOperationW                              7E720984 5 Bytes  JMP 00C11102 C:\Programme\Unlocker\UnlockerHook.dll
 
 ---- Devices - GMER 2.1 ----
 
 AttachedDevice  \Driver\Tcpip \Device\Ip                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
 AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
 AttachedDevice  \Driver\Tcpip \Device\Udp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
 AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
 
 ---- EOF - GMER 2.1 ----
 Defogger läuft zwar und die Treiber sind disabled, aber er hat kein Log ausgeworfen. |