Log analysis and evaluation: Background program suspected! (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Background program suspected!

Hello, I need your help once again. I have a computer that runs quite well so far. But lately I keep finding link icons on the desktop. Since I do not create them myself, I would like to know where they come from. Please help with this rascal.

Last edited by danken (18.06.2013 at 15:12)
#3

Background program suspected!

OK, here we go.

OTL:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 18.06.2013 16:51:42 - Run 1 OTL by OldTimer - Version Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 48,91% Memory free 6,98 Gb Paging File | 4,81 Gb Available in Paging File | 68,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,14 Gb Total Space | 59,10 Gb Free Space | 49,60% Space Free | Partition Type: NTFS Computer Name: TORSTEN-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.18 16:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.06.13 17:37:57 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.05.27 16:19:56 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013.05.27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe PRC - [2013.05.18 10:12:31 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe PRC - [2013.04.24 17:17:38 | 001,611,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.04.19 20:55:46 | 001,293,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe PRC - [2013.03.28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.03.28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2013.03.20 10:07:18 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2013.02.26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe PRC - [2013.02.21 04:44:22 | 002,238,704 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2013.02.08 20:32:00 | 000,150,768 | ---- | M] (Logitech, Inc.) 
-- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.03.12 11:05:33 | 000,232,288 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.10.12 16:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe PRC - [2010.01.11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2008.02.22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.09.13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe PRC - [2007.07.02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2007.06.06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2013.06.13 17:37:57 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.06.09 20:56:32 | 006,891,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\dc3fdc23f6516b3a7f1e2c8331d7e9de\DeviceHost.ni.dll MOD - [2013.05.27 16:19:55 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013.05.25 14:56:52 | 017,490,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\981f47ca4918ad980c186bd8e87e2714\Kies.Theme.ni.dll MOD - [2013.05.25 14:56:51 | 000,611,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\2968bf136dea2e9067dab3a33e6b4e79\DevicePodcast.ni.dll MOD - [2013.05.25 14:56:51 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\b29426aeb9455161ea12b87cda0ba5dc\DummyStorePlugin.ni.dll MOD - [2013.05.25 14:56:50 | 000,294,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\c3313e8e25da6201783c17dfaa5b0496\DeviceVideo.ni.dll MOD - [2013.05.25 14:56:49 | 000,349,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\aabdab07376e89e51c874bf9317e4dc7\DevicePhoto.ni.dll MOD - [2013.05.25 14:56:48 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ebb58456cb633e779aa4e138ed0fed27\DeviceMusic.ni.dll MOD - [2013.05.25 14:56:47 | 000,470,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\3748f813d0f58499af4d415eb916fc3e\VideoManager.ni.dll MOD - [2013.05.25 14:56:46 | 000,778,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\9496fd8f78b04dd17355f45e18a22be9\PhotoManager.ni.dll MOD - [2013.05.25 14:56:45 | 001,979,392 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\b963ec0e84642810e0bc4c2f89739998\Phonebook.ni.dll MOD - [2013.05.25 14:56:42 | 000,941,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\3d3de392d7b52801076f0e9f78d9477f\MusicManager.ni.dll MOD - [2013.05.25 14:56:41 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\d676ff1bf0767470c9a5560f1aa2d14d\BATPlugin.ni.dll MOD - [2013.05.25 14:56:37 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2f8537926b7e4379d2e08dfa585f5f1\Kies.Common.MediaDB.ni.dll MOD - [2013.05.25 14:56:37 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\73aff30f19962e3fb19442930a7c40a7\Kies.Common.StoreManager.ni.dll MOD - [2013.05.25 14:56:36 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\47de253a8d7dd978e6f8d6f38340bc1f\ASF_cSharpAPI.ni.dll MOD - [2013.05.25 14:56:36 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b44b3d6f3419c0ab9d18515897de9d1c\Kies.Common.AllShare.ni.dll MOD - [2013.05.25 14:56:35 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\6a0fc4cdacb74e4e86f529a2151cb551\Kies.Common.CRMManager.ni.dll MOD - [2013.05.25 14:56:35 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\cd4d2be1cc192ac58b54cbcef3da4267\Kies.Common.DBManager.ni.dll MOD - [2013.05.25 14:56:34 | 000,201,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a756ec00423ef4f254d7b265abbe51\Kies.Common.MainUI.ni.dll MOD - [2013.05.25 14:56:33 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0c50720e6df047feaea9d1373218ef98\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.05.25 14:56:33 | 
000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\05f34c55cc3087dd715d09d4d4d472f6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.05.25 14:56:32 | 000,583,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\092d19a3f8e23190733777a43fef7625\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.25 14:56:32 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\aa38ba603d11850b202aa5145df0998b\Interop.DevFileServiceLib.ni.dll MOD - [2013.05.25 14:56:31 | 001,180,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\023d7461d211849b8378c5ee2d8cdcc4\Kies.Common.DeviceService.ni.dll MOD - [2013.05.25 14:56:29 | 001,138,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b8f52febfa59a72983e95ff7fbee3530\Podcaster.ni.dll MOD - [2013.05.25 14:56:27 | 000,701,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\797da83b62561a9fdcf939acf2c81175\DeviceCommonLib.ni.dll MOD - [2013.05.25 14:56:26 | 000,732,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\309df18b43e646e1c64f47d5bb21dada\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.05.25 14:56:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\34f367d44c1562ab56aa05eaed2f91d5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.05.25 14:56:09 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f41b2d52c6b4992965ed42b7508b8acf\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.05.25 14:56:03 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\01935cef9ea3ddde60c2b310558344aa\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.05.25 
14:56:03 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\4f53a1e1b55059e985cbd4208cbbed45\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2f449d48a3aec93521d145df401129e\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fc90db09cc6cba4b0bd4740b21b72b5c\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.05.25 14:56:01 | 002,201,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c89138378589f1d533571dfaa839b44d\Kies.Common.Multimedia.ni.dll MOD - [2013.05.25 14:55:59 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8aab3ec4ac5c9ba00fd328816c82c2ae\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.05.25 14:55:58 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3621b825f8134d3d0046664aa1f56077\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.05.25 14:55:47 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\61776ec0db133130d3658f9c0bc49ab9\CabLib.ni.dll MOD - [2013.05.25 14:55:47 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\acf0e739a5df2f4fe0423eac282a43fd\Kies.Common.Util.ni.dll MOD - [2013.05.25 14:55:46 | 001,618,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8f73b7d658ead2bc1693551c7e6835ef\Kies.Locale.ni.dll MOD - [2013.05.25 14:55:46 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\5e7660d7a2dd8241b3de09ad6053d44f\Interop.DeviceSearchLib.ni.dll MOD - [2013.05.25 14:55:45 | 001,926,656 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\88e8e2b97065473f8a653ebbdf20d8c7\Kies.UI.ni.dll MOD - [2013.05.25 14:55:45 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\9bef0062ce6063229092af8c83cbd955\Kies.MVVM.ni.dll MOD - [2013.05.25 14:55:43 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\38de67b8d7313ef36676f4e0b5a0ec0d\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.25 14:55:42 | 001,260,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\4e846e1974a75dd1c5dc55445ec2312b\Kies.Interface.ni.dll MOD - [2013.05.25 14:55:32 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll MOD - [2013.05.25 14:55:22 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\18827146ec2b471d01410b0e7639653d\System.Runtime.Remoting.ni.dll MOD - [2013.05.25 14:55:15 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.05.25 14:55:13 | 002,117,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\16869c24e27fb629bad51a6c777383e1\Kies.ni.exe MOD - [2013.05.25 13:27:37 | 015,882,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\5a482e5d6b781b7cef30ce7c20caf96a\MenuSkinning.ni.dll MOD - [2013.05.25 13:26:55 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ce5f3c95d85ce4e4ee12dcb6fd50876c\VistaBridgeLibrary.ni.dll MOD - [2013.05.25 13:26:52 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.05.25 13:26:51 | 002,584,064 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\fc8099175daa93a47757849ddd805b8e\DellDock.ni.exe MOD - [2013.05.25 13:26:50 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\c44d4e9a2f5a9e2988dfaa2d6b591b9e\MyDock.Util.ni.dll MOD - [2013.05.25 13:26:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.25 13:26:26 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.05.25 13:25:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.05.25 13:25:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll MOD - [2013.05.25 13:25:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.05.25 13:25:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.05.25 13:25:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.05.21 16:01:37 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.20 22:31:54 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013.05.20 22:31:45 | 001,667,584 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.05.20 22:31:39 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.05.20 22:31:38 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.20 22:31:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.05.20 22:31:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.20 22:31:27 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.05.20 22:31:24 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.05.20 22:30:59 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2013.05.18 10:12:31 | 002,244,504 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll MOD - [2013.05.18 10:12:31 | 000,158,104 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll MOD - [2013.05.18 10:12:31 | 000,022,424 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll MOD - [2013.02.26 17:13:13 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll MOD - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.01.16 18:26:01 | 002,212,304 | ---- | M] () -- 
c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll MOD - [2012.04.27 16:08:08 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WebcamSoft\NetCamCenter\nccsvc.exe -- (Webcam Corp. Service Starter) SRV - File not found [Auto | Stopped] -- c:\program files\axis communications\axis camera station 3\AcsService.exe -- (AXIS Camera Station) SRV - [2013.06.13 17:38:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.27 16:19:56 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.04.19 20:55:46 | 001,293,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc) SRV - [2013.03.20 10:07:18 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- 
C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2013.02.26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV) SRV - [2013.02.26 17:20:55 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental) SRV - [2013.02.08 20:29:56 | 000,295,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2013.01.16 18:27:06 | 002,550,224 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012.12.27 21:32:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.03.12 11:05:33 | 000,232,288 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service) SRV - [2010.01.11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] 
-- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.02.22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc) SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) ========== Driver Services (SafeList) ========== DRV - [2013.05.28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos) DRV - [2013.04.17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3) DRV - [2013.04.17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf) DRV - [2013.03.20 10:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2013.02.22 19:46:48 | 000,078,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV - [2013.02.22 09:16:54 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2013.02.22 09:16:54 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2013.02.22 09:16:54 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2013.01.03 10:18:04 | 000,040,200 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2013.01.03 10:18:00 | 000,044,680 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2013.01.03 10:18:00 | 000,044,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2013.01.03 10:18:00 | 000,012,808 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2012.11.12 18:11:11 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox) DRV - [2012.11.02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv) DRV - [2012.10.04 14:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt) DRV - [2012.10.02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.06.13 09:49:46 | 000,062,464 | ---- | M] (Vyacheslav Frolov) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\com0com.sys -- (com0com) DRV - [2011.11.14 20:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.03.30 22:27:40 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder3.sys -- (Spyder3) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.04.06 12:25:34 | 000,049,192 | ---- | M] (Dell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553scard.sys -- (d553scard) DRV - [2008.12.19 14:41:46 | 000,409,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdm2.sys -- (d553mdm2) DRV - [2008.12.19 14:41:46 | 000,375,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553unic.sys -- (d553unic) DRV - [2008.12.19 14:41:46 | 000,365,312 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdm.sys -- (d553mdm) DRV - 
[2008.12.19 14:41:46 | 000,356,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553card.sys -- (d553card) DRV - [2008.12.19 14:41:46 | 000,281,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553bus.sys -- (d553bus) DRV - [2008.12.19 14:41:46 | 000,025,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553nd5.sys -- (d553nd5) DRV - [2008.12.19 14:41:46 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdfl2.sys -- (d553mdfl2) DRV - [2008.12.19 14:41:46 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdfl.sys -- (d553mdfl) DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.06.25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.01 14:57:18 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) DRV - [2005.05.24 23:26:16 | 000,018,432 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys -- (SerMon) DRV - [2005.05.24 23:23:52 | 000,007,632 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys -- (NDMSHLP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankLBA IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home|hxxp://www.giga.de/my_homepage/0022/" FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5 FF - prefs.js..extensions.enabledAddons: amazon-icon%40winload.de:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - 
HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.02.28 17:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.27 16:19:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.07 12:55:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.06.06 08:25:32 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.27 16:19:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.07 12:55:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.30 20:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.06.13 21:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions [2013.06.13 21:36:29 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de [2013.06.13 21:36:32 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\sparpilot@sparpilot.com [2013.02.24 14:31:55 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013.03.21 20:11:37 | 000,001,050 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\11-suche.xml [2013.03.21 20:11:37 | 000,002,418 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\englische-ergebnisse.xml [2013.03.21 20:11:37 | 000,010,701 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\gmx-suche.xml [2013.06.17 20:18:05 | 000,002,251 | ---- | M] () -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\gutscheinsuche.xml [2013.03.21 20:11:37 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\lastminute.xml [2013.03.21 20:11:37 | 000,005,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\webde-suche.xml [2013.05.28 11:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions [2013.05.27 16:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.05.27 16:19:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.28 17:01:10 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Giant Savings Extension) - {11111111-1111-1111-1111-110211181110} - C:\Program Files\Giant Savings Extension\Giant Savings Extension.dll (215 Apps) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. 
File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AXIS Camera Station Service Control] "C:\Program Files\Axis Communications\AXIS Camera Station 3\AcsAdmin.exe" File not found O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O8 - Extra context menu item: Download with Download Manager - C:\Program Files\Storage Server\Storage Server\DM\GetUrl.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found O13 - gopher Prefix: missing O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp:// (CamImage Class) O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp:// (Reg Error: Key error.) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp:// (Reg Error: Key error.) 
O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} hxxp:// (CamImage Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B1E5522-8682-4A04-B07F-AA2E2DAC3817}: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DF2C106-63D4-4FA4-8E9E-83591694EAD3}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F34528-362E-4FDD-A48B-5A7FB2650FF8}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C421BFF7-7F09-4DDE-92DF-738179F4BE96}: DhcpNameServer = O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0cdfdcb5-a44e-11e2-b676-00218681fc00}\Shell - "" = AutoRun O33 - MountPoints2\{0cdfdcb5-a44e-11e2-b676-00218681fc00}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{68e40712-372b-11e2-82ff-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{68e40712-372b-11e2-82ff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.18 16:51:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.16 07:52:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\feig mit übergabe [2013.06.13 21:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro [2013.06.13 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp8d4cc0a87c6f902a322c6e9299798fe4 [2013.06.13 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp0d761158d422d7dfdb385323b1ed39a2 [2013.06.13 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tempa97fe6dc848d3b26239ec9d17c82b43a [2013.06.13 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\ChromeExtensions [2013.06.09 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Heidebogenlauf_2012 [2013.06.09 14:35:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Heidebogenlauf_2013 [2013.06.09 
13:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.06.06 11:28:02 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.06.06 08:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013 [2013.06.06 08:25:32 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys [2013.06.06 08:25:32 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys [2013.06.06 08:25:29 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys [2013.06.06 08:25:28 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys [2013.06.06 08:25:28 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys [2013.06.06 08:25:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Bitdefender [2013.06.06 08:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013.06.06 08:23:14 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys [2013.06.06 08:23:13 | 000,355,744 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys [2013.06.02 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\com0com [2013.06.02 13:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\com0com [2013.06.02 12:09:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.06.02 12:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.06.02 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2013.06.02 12:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2013.06.01 00:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHD Free Serial Port Monitor [2013.06.01 00:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\HHD Software [2013.06.01 00:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HHD Software [2013.06.01 00:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docklight V2.0 [2013.06.01 00:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\FuH [2013.06.01 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.05.29 13:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Storage Server [2013.05.29 13:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Storage Server [2013.05.25 17:02:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\webkit [2013.05.21 18:00:52 | 000,000,000 | ---D | C] -- C:\Intel [2013.05.21 17:54:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.18 16:50:15 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.18 16:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player 
Updater.job [2013.06.18 16:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.18 15:48:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.17 20:23:44 | 000,026,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.17 20:23:44 | 000,026,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.17 20:21:03 | 000,649,450 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.17 20:21:03 | 000,614,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.17 20:21:03 | 000,129,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.17 20:21:03 | 000,105,402 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.17 20:16:26 | 2810,683,392 | -HS- | M] () -- C:\hiberfil.sys [2013.06.14 17:42:19 | 000,023,440 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.06.06 13:31:34 | 388,828,466 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.06 11:28:02 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.06.06 08:26:26 | 000,439,080 | ---- | M] () -- C:\ProgramData\1370499782.bdinstall.bin [2013.06.06 08:25:47 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013.06.06 08:25:47 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013.06.06 08:25:47 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01 [2013.06.06 08:25:40 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.06.06 08:25:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.06.06 08:20:57 | 000,224,049 | ---- | M] () -- C:\ProgramData\1370499576.bdinstall.bin [2013.06.02 12:18:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_vyser_01_09_00.Wdf [2013.05.29 12:17:01 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013.05.28 12:11:21 | 
000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys [2013.05.27 16:53:10 | 000,025,984 | ---- | M] () -- C:\Windows\System32\drivers\VSPE.sys [2013.05.25 16:43:58 | 000,075,706 | ---- | M] () -- C:\Users\***\Desktop\roh.png [2013.05.21 18:07:17 | 000,015,568 | ---- | M] () -- C:\Windows\System32\results.xml [2013.05.20 22:07:09 | 001,728,512 | ---- | M] () -- C:\Users\***\Documents\Datenbank1.accdb [2013.05.20 22:06:41 | 001,323,008 | ---- | M] () -- C:\Users\***\Documents\test.accdb [2013.05.20 22:06:32 | 000,602,421 | ---- | M] () -- C:\Users\***\Documents\Projekte.accdt [2013.05.20 21:18:09 | 000,905,216 | ---- | M] () -- C:\Users\***\Documents\Studi.accdb [2013.05.20 20:44:16 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.18 16:50:15 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.14 17:42:19 | 000,023,440 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.06.06 08:26:26 | 000,439,080 | ---- | C] () -- C:\ProgramData\1370499782.bdinstall.bin [2013.06.06 08:25:47 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01 [2013.06.06 08:25:40 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.06.06 08:25:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.06.06 08:25:15 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz [2013.06.06 08:25:15 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01 [2013.06.06 08:25:15 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013.06.06 08:25:15 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013.06.06 08:20:57 | 000,224,049 | ---- | C] () -- C:\ProgramData\1370499576.bdinstall.bin [2013.06.02 12:18:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_vyser_01_09_00.Wdf [2013.05.29 12:17:01 | 
000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2013.05.27 16:53:10 | 000,025,984 | ---- | C] () -- C:\Windows\System32\drivers\VSPE.sys [2013.05.25 16:43:58 | 000,075,706 | ---- | C] () -- C:\Users\***\Desktop\roh.png [2013.05.21 18:07:17 | 000,015,568 | ---- | C] () -- C:\Windows\System32\results.xml [2013.05.20 22:06:41 | 001,728,512 | ---- | C] () -- C:\Users\***\Documents\Datenbank1.accdb [2013.05.20 22:06:32 | 000,602,421 | ---- | C] () -- C:\Users\***\Documents\Projekte.accdt [2013.05.20 21:08:18 | 000,905,216 | ---- | C] () -- C:\Users\***\Documents\Studi.accdb [2013.05.20 20:49:15 | 001,323,008 | ---- | C] () -- C:\Users\***\Documents\test.accdb [2013.04.07 10:12:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2013.04.07 10:12:31 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2013.03.19 17:31:54 | 009,731,000 | ---- | C] () -- C:\Users\***\DELL_WIRELESS-5530-HSPA-MINI_A07_R220893.exe [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.11.26 05:08:49 | 000,649,450 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.11.26 05:08:49 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.11.26 05:08:49 | 000,129,020 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.11.26 05:08:49 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.11.25 23:01:40 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.11.25 23:01:40 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.11.25 23:01:04 | 000,000,050 | ---- | C] () -- 
C:\Windows\System32\bridf08b.dat
[2012.11.25 23:00:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012.11.25 20:59:02 | 000,411,074 | ---- | C] () -- C:\ProgramData\1353869557.bdinstall.bin
[2012.11.25 20:20:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012.07.04 17:56:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\JavaWrapper.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

========== Purity Check ==========

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 18.06.2013 16:51:42 - Run 1
OTL by OldTimer - Version Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 48,91% Memory free
6,98 Gb Paging File | 4,81 Gb Available in Paging File | 68,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 59,10 Gb Free Space | 49,60% Space Free | Partition Type: NTFS

Computer Name: TORSTEN-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{122B0B94-C284-4AFE-A246-AD49B615E9E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3A62F420-10E4-43E9-A3AE-399089DCE999}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{41141674-1332-4C32-B5AC-3AEB205D8257}" = lport=2869 | protocol=6 | dir=in | app=system | "{52C621E9-C17F-4EB8-A40A-C8059D9A2CD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6C092EBC-B86A-4F7A-A2A0-B95454DEF946}" = lport=139 | protocol=6 | dir=in | app=system | "{78B03795-784E-43AB-903A-F1C461BFD8F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{80F26214-EF3D-4A6E-8141-8F20CF553907}" 
= rport=445 | protocol=6 | dir=out | app=system | "{83CCEE5F-7444-489D-A3DE-0C4410EBE833}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{85AAC376-A8E0-42E5-B2E8-6D40A83F8B32}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{8AB74E71-C73B-4384-B247-4453CF58CBEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{99F789A3-5BDF-486B-9254-1FFBCA6AF2EC}" = lport=445 | protocol=6 | dir=in | app=system | "{A3BCC053-3EF6-4C74-A74B-F6612AFE8F3E}" = lport=138 | protocol=17 | dir=in | app=system | "{BA97541E-8210-4DB3-B6B4-6DF6858A9417}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C14353D0-BF81-4DA5-8CD0-7F6C287C5BC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C34009B6-A157-4F7F-91F2-9A8379E520EA}" = rport=10243 | protocol=6 | dir=out | app=system | "{CB55DAEE-D8D9-4EA3-B3B8-ECED5962CE40}" = rport=138 | protocol=17 | dir=out | app=system | "{CBA5E328-01F7-4A46-A945-3FB7E5C31AAD}" = rport=139 | protocol=6 | dir=out | app=system | "{CD8943EE-9C90-4BC0-BB76-227F3CE992A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF5EE553-EA6C-4C1B-8F2D-6B1CD50651D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CFE144A2-A03B-4B7B-AFD0-A45D48627E93}" = lport=10243 | protocol=6 | dir=in | app=system | "{D06E1A08-8FCF-4F73-A680-1B79C947BCC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DD0560F2-CD52-4DD7-88C7-22C634061A09}" = rport=137 | protocol=17 | dir=out | app=system | "{E0922970-8D9A-40C8-8777-6A527001A893}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F099630C-9B11-4520-B87B-1EE91DC35FF5}" = lport=137 | protocol=17 | dir=in | app=system | "{F2D1844B-1B32-4E32-901E-198827BE4B55}" = lport=808 | 
protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{012DD491-90A2-4E11-B304-D2B64CBD4916}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{054C7C19-6354-4B2A-AFCB-66E326D39E80}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{08D642DF-B2F3-4417-BE09-9B0479B2D708}" = protocol=6 | dir=in | app=c:\program files\axis communications\axis camera station\acsservice.exe | "{12E2C3BA-1416-4C54-BA3D-71D3EC2EEB30}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{1F8F8C94-25A3-41B4-A557-3FA4A08E333A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3A28E78B-1580-433F-AD2F-296FD2945933}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{3A2B437C-085F-4E23-8CA0-763F8B3B60E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3CA06E59-021D-4B9C-A741-CDE67B08983F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{3F58B05E-8F21-43C6-B606-43397F10C3AF}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{4123A5AE-767F-4D3E-8089-C2326B286384}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{49B29E28-D64D-4615-A92F-853B2964AC97}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4E7EFAF8-9D44-4DB9-91E9-525CEBD1FF67}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{63B663CF-D9C8-4139-984E-2F9193CD9B75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7081FC8B-C16E-4452-AFA2-BCB0EB165140}" = 
protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{76ABB544-E55D-409E-BA89-F8F3D2656309}" = protocol=17 | dir=in | app=c:\program files\deskshare\ip camera viewer 1.0\ip camera viewer.exe | "{8B91C19B-0BEC-423D-8EDB-2F696EBE28B6}" = protocol=17 | dir=in | app=c:\program files\axis communications\axis camera station\acsservice.exe | "{90E97C33-1FF9-43DD-A001-D711CFF6C3BC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{A3D5AB98-8023-483B-A1D8-934D15994BB2}" = protocol=6 | dir=out | app=system | "{B3FCC96E-B03A-40F3-94D5-5FC97873C0AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B5BA40C4-B0C3-4FD0-910C-C4A3D3A837A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B71F8DF9-7FD7-458B-A914-091E0954A514}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B75D1B9E-0608-4B93-95BF-0D0A6DDCD42A}" = protocol=6 | dir=in | app=c:\program files\deskshare\ip camera viewer 1.0\ip camera viewer.exe | "{C0BAD43C-8E7D-464F-B582-B7850FC13BD5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C8306D78-53D9-4D01-9DB3-8646AD78209A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CDADA5DA-C8AA-494E-9188-C415E67CFAB2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D1796E5D-E3DA-4D17-A35F-62ADFE0F7023}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{ECC6A410-D3E7-4F14-87C4-759352D20006}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF2B543D-E970-40B2-A833-454EC0AB6FCF}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{F5F0EEB3-4959-45CC-A008-1D4AE635250A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FAAC59EC-0A9E-45EA-8986-8FFE66CC0E0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE89EBF4-3E79-46DF-8115-F738693CCC12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{24B7DEE6-2487-4650-AC7B-6F63B3DF17A4}" = Dell 5530 Wireless Broadband Package "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician "{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}" = HHD Software Free Serial Port Monitor 3.31 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-585CW "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{83C7F964-AC58-4104-B613-B4D0F61DA8CD}" = Microsoft SQL Server 2012 Native Client "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D9DA2981-3298-4F1A-9192-F2CF5BD91145}" = Microsoft SQL Server 2012 Express LocalDB "{EBA92E15-A690-4044-A4EC-44D11689AEFE}" = Storage Server "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player 
Plugin" = Adobe Flash Player 11 Plugin "BabylonToolbar" = Babylon toolbar "Bitdefender" = Bitdefender Internet Security 2013 "com0com" = Null-modem emulator (com0com) "Dell Dock" = Dell Dock "Foxit Reader_is1" = Foxit Reader "FuH_Docklight_V1_9_200_is1" = Docklight V2.0 "Giant Savings Extension" = Giant Savings Extension "GIMP-2_is1" = GIMP 2.8.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Notepad++" = Notepad++ "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "sp6" = Logitech SetPoint 6.52 "SprecherPC" = SprecherPC "ST6UNST #1" = TEAM "TeamViewer 8" = TeamViewer 8 "Totalcmd" = Total Commander (Remove or Repair) "TVWiz" = Intel(R) TV Wizard "VLC media player" = VLC media player 2.0.5 "WinLaufen" = WinLaufen ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "DSite" = Update for FLV Player "FLV Player" = FLV Player "FLV Player Packages" = FLV Player Packages "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.05.2013 07:35:06 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10 Description = Error - 01.05.2013 09:31:37 | Computer Name = Torsten-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program 
files\Samsung\Kies\External\firmwareupdate\GT-I9000\DeviceController64.exe". Fehler in Manifest- oder Richtliniendatei "c:\program files\Samsung\Kies\External\firmwareupdate\GT-I9000\Microsoft.VC90.CRT.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.05.2013 09:32:00 | Computer Name = Torsten-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\Kies\External\firmwareupdate\GT-S5830\DeviceController64.exe". Fehler in Manifest- oder Richtliniendatei "c:\program files\Samsung\Kies\External\firmwareupdate\GT-S5830\Microsoft.VC90.CRT.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 01.05.2013 09:32:55 | Computer Name = Torsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\common files\Logishrd\sp6_uninstall\tools\64\AddBrowsers.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version=""" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 01.05.2013 09:32:59 | Computer Name = Torsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\totalcmd\TCUNIN64.EXE". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version=""" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.05.2013 05:06:48 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10 Description = Error - 02.05.2013 07:14:16 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10 Description = Error - 03.05.2013 03:39:55 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10 Description = Error - 03.05.2013 08:34:38 | Computer Name = Torsten-PC | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/05/03 14:34:38.482]: [00002584]: GetDeviceIpAddress: GetAddressByName [BRW904CE55FE52B] Error Error - 06.05.2013 03:09:15 | Computer Name = Torsten-PC | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2013/05/06 09:09:15.332]: [00002540]: GetDeviceIpAddress: GetAddressByName [BRW904CE55FE52B] Error Error - 06.05.2013 03:09:18 | Computer Name = Torsten-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 
Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = Error - 13.04.2013 12:43:20 | Computer Name = Torsten-PC | Source = SCardSvr | ID = 610 Description = < End of report > |
#4 |
/// TB-Ausbilder | Background program suspected! OK, then continue as follows: Step 1
Step 2 Please download
Step 3 Scan with Combofix
Step 4 Please start OTL.exe.
In your next reply, please post:
__________________ cheers, Leo |
#5 |
Background program suspected! Hi, one more small note: I have built a virtual serial bridge; it should of course still be there afterwards :-) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 18/06/2013 um 17:36:10 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : *** - TORSTEN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Torsten\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\ski\AppData\Roaming\Mozilla\Firefox\Profiles\7uf0b951.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\ski\AppData\Roaming\Mozilla\Firefox\Profiles\7uf0b951.default\bprotector_prefs.js Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\searchplugins\11-suche.xml Gelöscht mit Neustart : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\Program Files\Giant Savings Extension Ordner Gelöscht : C:\Program Files\Optimizer Pro Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7p6mifrw.default\extensions\crossriderapp21810@crossrider.com Ordner Gelöscht : C:\Users\Torsten\AppData\Local\Giant Savings Extension Ordner Gelöscht : C:\Users\Torsten\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Torsten\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\DSite Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\jetpack ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\5228a8bbc3eef42 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : 
HKCU\Software\AppDataLow\Software\Giant Savings Extension Schlüssel Gelöscht : HKCU\Software\Cr_Installer Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181110} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181110} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\5228a8bbc3eef42 Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181110} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021810.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021810.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021810.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0021810.Sandbox.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\halffneccaebicfdfajnbfgpglahfgoe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181110} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings Extension-InternalInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181110} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Giant Savings Extension ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\prefs.js C:\Users\Torsten\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false"); Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false); Gelöscht : user_pref("extensions.BabylonToolbar.ffxUnstlRst", false); Gelöscht : user_pref("extensions.BabylonToolbar.id", "94db823300000000000000218681fc00"); Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15735"); Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar.newTab", false); Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false"); Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...] 
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", ""); Gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", ""); Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", ""); Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110825&tt=300113_tbnew"); Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gelöscht : user_pref("extensions.crossriderapp21810.adsOldValue", -1); Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7p6mifrw.default\prefs.js Gelöscht : user_pref("extensions.crossriderapp21810.adsOldValue", -1); Datei : C:\Users\ski\AppData\Roaming\Mozilla\Firefox\Profiles\7uf0b951.default\prefs.js Gelöscht : user_pref("extensions.crossriderapp21810.adsOldValue", -1); ************************* AdwCleaner[S1].txt - [8079 octets] - [18/06/2013 17:36:10] ########## EOF - C:\AdwCleaner[S1].txt - [8139 octets] ########## Combofix Logfile: Code:
ATTFilter ComboFix 13-06-18.02 - *** 18.06.2013 17:43:45.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3574.2185 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Bitdefender Virenschutz *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4} FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} SP: Bitdefender Spyware-Schutz *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1353869557.bdinstall.bin c:\programdata\1370499576.bdinstall.bin c:\programdata\1370499782.bdinstall.bin . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-18 bis 2013-06-18 )))))))))))))))))))))))))))))) . . 2013-06-18 15:36 . 2013-06-18 15:36 97 ----a-w- c:\windows\DeleteOnReboot.bat 2013-06-13 19:36 . 2013-06-13 19:36 -------- d-----w- c:\users\***\AppData\Local\Temp8d4cc0a87c6f902a322c6e9299798fe4 2013-06-13 19:36 . 2013-06-13 19:36 -------- d-----w- c:\users\***\AppData\Local\Temp0d761158d422d7dfdb385323b1ed39a2 2013-06-13 19:36 . 2013-06-13 19:36 -------- d-----w- c:\users\***\ChromeExtensions 2013-06-13 19:36 . 2013-06-13 19:36 -------- d-----w- c:\users\***\AppData\Local\Tempa97fe6dc848d3b26239ec9d17c82b43a 2013-06-13 15:49 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-13 15:49 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-13 15:49 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll 2013-06-13 15:49 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-13 15:49 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-13 15:49 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-13 15:49 . 
2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-13 15:49 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-13 15:49 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-13 15:49 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-13 15:49 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-13 15:47 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-09 11:41 . 2013-06-09 11:59 -------- d-----w- c:\program files\Microsoft Office 15 2013-06-09 11:39 . 2013-06-09 11:48 -------- d-----w- c:\program files\office.tmp 2013-06-06 09:28 . 2013-06-06 09:28 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys 2013-06-06 06:25 . 2013-02-22 17:46 78144 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys 2013-06-06 06:25 . 2012-11-12 16:11 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys 2013-06-06 06:25 . 2009-07-14 21:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2013-06-06 06:25 . 2012-11-02 12:17 242504 ----a-w- c:\windows\system32\drivers\avchv.sys 2013-06-06 06:25 . 2013-04-17 12:59 633344 ----a-w- c:\windows\system32\drivers\avc3.sys 2013-06-06 06:25 . 2013-04-17 12:59 486536 ----a-w- c:\windows\system32\drivers\avckf.sys 2013-06-06 06:25 . 2013-06-06 06:25 -------- d-----w- c:\users\***\AppData\Roaming\Bitdefender 2013-06-06 06:25 . 2013-06-06 06:25 -------- d-----w- c:\programdata\Bitdefender 2013-06-06 06:23 . 2012-10-04 12:30 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys 2013-06-06 06:23 . 2013-05-28 10:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys 2013-06-02 11:47 . 2013-06-02 11:47 -------- d-----w- c:\program files\com0com 2013-06-02 10:16 . 2012-02-27 10:04 82152 ----a-w- c:\windows\system32\drivers\UMDF\vyser.dll 2013-06-02 10:16 . 2009-07-14 08:21 1837296 ----a-w- c:\windows\system32\WudfUpdate_01009.dll 2013-06-02 10:09 . 
2013-06-02 10:09 -------- d-----w- c:\users\***\AppData\Roaming\Notepad++ 2013-06-02 10:09 . 2013-06-02 10:09 -------- d-----w- c:\program files\Notepad++ 2013-05-31 22:31 . 2013-06-02 11:46 -------- d-----w- c:\program files\HHD Software 2013-05-31 22:31 . 2013-05-31 22:31 -------- d-----w- c:\program files\Common Files\HHD Software 2013-05-31 22:11 . 2013-05-31 22:11 -------- d-----w- c:\program files\FuH 2013-05-31 22:11 . 2008-11-13 08:25 219464 ----a-w- c:\windows\system32\RICHTX32.OCX 2013-05-31 22:11 . 2008-11-13 08:25 157000 ----a-w- c:\windows\system32\COMDLG32.OCX 2013-05-31 22:11 . 2008-11-13 08:25 130888 ----a-w- c:\windows\system32\MSSTDFMT.DLL 2013-05-31 22:11 . 2008-11-13 08:25 128840 ----a-w- c:\windows\system32\MSWINSCK.OCX 2013-05-31 22:11 . 2013-05-31 22:11 -------- d-----w- c:\users\***\AppData\Local\Programs 2013-05-30 07:38 . 2013-05-30 07:41 -------- d-----w- c:\users\ski\AppData\Roaming\TeamViewer 2013-05-29 11:06 . 2013-05-29 11:06 -------- d-----w- c:\program files\Storage Server 2013-05-27 14:53 . 2013-05-27 14:53 25984 ----a-w- c:\windows\system32\drivers\VSPE.sys 2013-05-27 14:19 . 2013-05-27 14:19 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-25 15:02 . 2013-05-25 15:02 -------- d-----w- c:\users\***\AppData\Local\webkit 2013-05-21 16:00 . 2013-05-21 16:00 -------- d-----w- C:\Intel 2013-05-20 13:29 . 2013-05-20 13:29 -------- d-----w- c:\users\ski\AppData\Local\Macromedia 2013-05-20 13:20 . 2013-05-20 13:20 -------- d-----w- c:\users\ski\AppData\Roaming\Apple Computer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-13 15:37 . 2012-11-25 19:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-13 15:37 . 2012-11-25 19:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-16 06:10 . 
2013-02-27 15:17 563920 ------w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-04-26 15:30 . 2013-04-26 15:30 249856 ------w- c:\windows\Setup1.exe 2013-04-26 15:30 . 2013-04-26 15:30 73216 ----a-w- c:\windows\ST6UNST.EXE 2013-04-22 15:57 . 2013-04-22 15:57 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-22 15:57 . 2013-04-22 15:57 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-22 15:57 . 2013-04-22 15:57 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-22 15:57 . 2013-04-22 15:57 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-04-22 15:57 . 2013-04-22 15:57 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-04-22 15:57 . 2013-04-22 15:57 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-22 15:57 . 2013-04-22 15:57 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-04-22 15:57 . 2013-04-22 15:57 361984 ----a-w- c:\windows\system32\html.iec 2013-04-22 15:57 . 2013-04-22 15:57 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-22 15:57 . 2013-04-22 15:57 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-04-22 15:57 . 2013-04-22 15:57 158720 ----a-w- c:\windows\system32\msls31.dll 2013-04-22 15:57 . 2013-04-22 15:57 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-04-22 15:57 . 2013-04-22 15:57 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-22 15:57 . 2013-04-22 15:57 138752 ----a-w- c:\windows\system32\wextract.exe 2013-04-22 15:57 . 2013-04-22 15:57 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-22 15:57 . 2013-04-22 15:57 12800 ----a-w- c:\windows\system32\mshta.exe 2013-04-22 15:57 . 2013-04-22 15:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-13 04:45 . 2013-05-15 15:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 15:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 
2013-04-23 18:30 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 05:18 . 2013-05-15 15:30 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 05:18 . 2013-05-15 15:30 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 03:14 . 2013-05-15 15:30 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-04-04 03:35 . 2013-05-02 08:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 130736 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 130736 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-10 05:37 130736 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-03-28 1511792] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2238704] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-04-24 1611784] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 280576] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384] Samsung SSD Magician.lnk - c:\program files\Samsung SSD Magician\Samsung SSD Magician.exe /AUTOHIDE [2012-11-25 2056192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2013-02-08 18:30 66800 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AXIS Camera Station;AXIS Camera Station;c:\program files\axis communications\axis camera station 3\AcsService.exe [x]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe [2012-03-12 232288]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-04-17 486536]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2012-11-12 66392]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\ndmshlp.sys [2005-05-24 7632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [2005-05-24 18432]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2010-03-30 12288]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-02-22 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-02-22 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-02-22 153672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-27 1343400]
R3 Webcam Corp. Service Starter;Webcam Corp. Service Starter;c:\program files\WebcamSoft\NetCamCenter\nccsvc.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-02-26 62688]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-04-17 633344]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2012-10-04 162976]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2013-02-22 78144]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-03-20 233472]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-04-19 1293496]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-02-26 55984]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-11-02 242504]
S3 d553bus;Dell Wireless 5530 HSPA Mobile Broadband Minicard Device driver (WDM);c:\windows\system32\DRIVERS\d553bus.sys [2008-12-19 281216]
S3 d553card;Dell Wireless 5530 HSPA Mobile Broadband Minicard i7;c:\windows\system32\DRIVERS\d553card.sys [2008-12-19 356352]
S3 d553mdfl;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Filter;c:\windows\system32\DRIVERS\d553mdfl.sys [2008-12-19 14976]
S3 d553mdfl2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Filter;c:\windows\system32\DRIVERS\d553mdfl2.sys [2008-12-19 14976]
S3 d553mdm;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem Driver;c:\windows\system32\DRIVERS\d553mdm.sys [2008-12-19 365312]
S3 d553mdm2;Dell Wireless 5530 HSPA Mobile Broadband Minicard Modem 2 Driver;c:\windows\system32\DRIVERS\d553mdm2.sys [2008-12-19 409216]
S3 d553nd5;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (NDIS);c:\windows\system32\DRIVERS\d553nd5.sys [2008-12-19 25984]
S3 d553scard;Dell Wireless 5530 HSPA Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\d553scard.sys [2009-04-06 49192]
S3 d553unic;Dell Wireless 5530 HSPA Mobile Broadband Minicard NetworkAdapter (WDM);c:\windows\system32\DRIVERS\d553unic.sys [2008-12-19 375424]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-03-20 37344]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2013-01-03 44296]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2013-01-03 12808]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 15:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Download with Download Manager - c:\program files\Storage Server\Storage Server\DM\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer =
TCP: Interfaces\{8B1E5522-8682-4A04-B07F-AA2E2DAC3817}: NameServer =
DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://
DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} - hxxp://
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\
FF - prefs.js: browser.startup.homepage - about:home|hxxp://www.giga.de/my_homepage/0022/
FF - ExtSQL: 2013-06-13 21:36; amazon-icon@winload.de; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-AXIS Camera Station Service Control - c:\program files\Axis Communications\AXIS Camera Station 3\AcsAdmin.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-DSite - c:\users\***\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-18 17:50:55
ComboFix-quarantined-files.txt 2013-06-18 15:50
.
Vor Suchlauf: 16 Verzeichnis(se), 64.405.880.832 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 76.073.840.640 Bytes frei
.
- - End Of File - - 7F3EA6D954B0649FC5A3558C5D97EBE3
A36C5E4F47E84449FF07ED3517B43A31

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 18.06.2013 17:54:06 - Run 2
OTL by OldTimer - Version Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 63,28% Memory free
6,98 Gb Paging File | 5,66 Gb Available in Paging File | 81,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 70,92 Gb Free Space | 59,53% Space Free | Partition Type: NTFS

Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.18 16:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.05.27 16:19:56 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.05.27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
PRC - [2013.04.24 17:17:38 | 001,611,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.04.19 20:55:46 | 001,293,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2013.03.28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.03.28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.03.20 10:07:18 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013.02.26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
PRC - [2013.02.21 04:44:22 | 002,238,704 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013.02.21 04:43:48 | 000,365,808 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
PRC - [2013.02.08 20:32:00 | 000,150,768 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.12 16:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2010.01.11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008.02.22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.09.13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007.07.02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.)
-- C:\Program Files\DellTPad\Apoint.exe PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2013.06.09 20:56:32 | 006,891,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\dc3fdc23f6516b3a7f1e2c8331d7e9de\DeviceHost.ni.dll MOD - [2013.05.27 16:19:55 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013.05.25 14:56:52 | 017,490,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\981f47ca4918ad980c186bd8e87e2714\Kies.Theme.ni.dll MOD - [2013.05.25 14:56:51 | 000,611,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\2968bf136dea2e9067dab3a33e6b4e79\DevicePodcast.ni.dll MOD - [2013.05.25 14:56:51 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\b29426aeb9455161ea12b87cda0ba5dc\DummyStorePlugin.ni.dll MOD - [2013.05.25 14:56:50 | 000,294,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\c3313e8e25da6201783c17dfaa5b0496\DeviceVideo.ni.dll MOD - [2013.05.25 14:56:49 | 000,349,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\aabdab07376e89e51c874bf9317e4dc7\DevicePhoto.ni.dll MOD - [2013.05.25 14:56:48 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ebb58456cb633e779aa4e138ed0fed27\DeviceMusic.ni.dll MOD - [2013.05.25 14:56:47 | 000,470,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\3748f813d0f58499af4d415eb916fc3e\VideoManager.ni.dll MOD - [2013.05.25 14:56:46 | 000,778,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\9496fd8f78b04dd17355f45e18a22be9\PhotoManager.ni.dll MOD - [2013.05.25 
14:56:45 | 001,979,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\b963ec0e84642810e0bc4c2f89739998\Phonebook.ni.dll MOD - [2013.05.25 14:56:42 | 000,941,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\3d3de392d7b52801076f0e9f78d9477f\MusicManager.ni.dll MOD - [2013.05.25 14:56:41 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\d676ff1bf0767470c9a5560f1aa2d14d\BATPlugin.ni.dll MOD - [2013.05.25 14:56:37 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2f8537926b7e4379d2e08dfa585f5f1\Kies.Common.MediaDB.ni.dll MOD - [2013.05.25 14:56:37 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\73aff30f19962e3fb19442930a7c40a7\Kies.Common.StoreManager.ni.dll MOD - [2013.05.25 14:56:36 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\47de253a8d7dd978e6f8d6f38340bc1f\ASF_cSharpAPI.ni.dll MOD - [2013.05.25 14:56:36 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b44b3d6f3419c0ab9d18515897de9d1c\Kies.Common.AllShare.ni.dll MOD - [2013.05.25 14:56:35 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\6a0fc4cdacb74e4e86f529a2151cb551\Kies.Common.CRMManager.ni.dll MOD - [2013.05.25 14:56:35 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\cd4d2be1cc192ac58b54cbcef3da4267\Kies.Common.DBManager.ni.dll MOD - [2013.05.25 14:56:34 | 000,201,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a756ec00423ef4f254d7b265abbe51\Kies.Common.MainUI.ni.dll MOD - [2013.05.25 14:56:33 | 000,283,648 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0c50720e6df047feaea9d1373218ef98\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.05.25 14:56:33 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\05f34c55cc3087dd715d09d4d4d472f6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.05.25 14:56:32 | 000,583,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\092d19a3f8e23190733777a43fef7625\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.25 14:56:32 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\aa38ba603d11850b202aa5145df0998b\Interop.DevFileServiceLib.ni.dll MOD - [2013.05.25 14:56:31 | 001,180,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\023d7461d211849b8378c5ee2d8cdcc4\Kies.Common.DeviceService.ni.dll MOD - [2013.05.25 14:56:29 | 001,138,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b8f52febfa59a72983e95ff7fbee3530\Podcaster.ni.dll MOD - [2013.05.25 14:56:27 | 000,701,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\797da83b62561a9fdcf939acf2c81175\DeviceCommonLib.ni.dll MOD - [2013.05.25 14:56:26 | 000,732,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\309df18b43e646e1c64f47d5bb21dada\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.05.25 14:56:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\34f367d44c1562ab56aa05eaed2f91d5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.05.25 14:56:09 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f41b2d52c6b4992965ed42b7508b8acf\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.05.25 14:56:03 | 
000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\01935cef9ea3ddde60c2b310558344aa\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\4f53a1e1b55059e985cbd4208cbbed45\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2f449d48a3aec93521d145df401129e\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fc90db09cc6cba4b0bd4740b21b72b5c\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.05.25 14:56:01 | 002,201,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c89138378589f1d533571dfaa839b44d\Kies.Common.Multimedia.ni.dll MOD - [2013.05.25 14:55:59 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8aab3ec4ac5c9ba00fd328816c82c2ae\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.05.25 14:55:58 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3621b825f8134d3d0046664aa1f56077\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.05.25 14:55:47 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\61776ec0db133130d3658f9c0bc49ab9\CabLib.ni.dll MOD - [2013.05.25 14:55:47 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\acf0e739a5df2f4fe0423eac282a43fd\Kies.Common.Util.ni.dll MOD - [2013.05.25 14:55:46 | 001,618,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8f73b7d658ead2bc1693551c7e6835ef\Kies.Locale.ni.dll MOD - [2013.05.25 14:55:46 | 000,052,224 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\5e7660d7a2dd8241b3de09ad6053d44f\Interop.DeviceSearchLib.ni.dll MOD - [2013.05.25 14:55:45 | 001,926,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\88e8e2b97065473f8a653ebbdf20d8c7\Kies.UI.ni.dll MOD - [2013.05.25 14:55:45 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\9bef0062ce6063229092af8c83cbd955\Kies.MVVM.ni.dll MOD - [2013.05.25 14:55:43 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\38de67b8d7313ef36676f4e0b5a0ec0d\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.25 14:55:42 | 001,260,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\4e846e1974a75dd1c5dc55445ec2312b\Kies.Interface.ni.dll MOD - [2013.05.25 14:55:32 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll MOD - [2013.05.25 14:55:22 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\18827146ec2b471d01410b0e7639653d\System.Runtime.Remoting.ni.dll MOD - [2013.05.25 14:55:15 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.05.25 14:55:13 | 002,117,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\16869c24e27fb629bad51a6c777383e1\Kies.ni.exe MOD - [2013.05.25 13:27:37 | 015,882,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\5a482e5d6b781b7cef30ce7c20caf96a\MenuSkinning.ni.dll MOD - [2013.05.25 13:26:55 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ce5f3c95d85ce4e4ee12dcb6fd50876c\VistaBridgeLibrary.ni.dll MOD - [2013.05.25 13:26:52 | 001,051,136 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.05.25 13:26:51 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\fc8099175daa93a47757849ddd805b8e\DellDock.ni.exe MOD - [2013.05.25 13:26:50 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\c44d4e9a2f5a9e2988dfaa2d6b591b9e\MyDock.Util.ni.dll MOD - [2013.05.25 13:26:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.25 13:26:26 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.05.25 13:25:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.05.25 13:25:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll MOD - [2013.05.25 13:25:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.05.25 13:25:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.05.25 13:25:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.05.21 16:01:37 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.20 22:31:39 | 005,617,664 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.05.20 22:31:38 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.20 22:31:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.05.20 22:31:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.20 22:31:27 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.05.20 22:31:24 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.05.20 22:30:59 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2013.02.26 17:13:13 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll MOD - [2012.04.27 16:08:08 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WebcamSoft\NetCamCenter\nccsvc.exe -- 
(Webcam Corp. Service Starter) SRV - File not found [Auto | Stopped] -- c:\program files\axis communications\axis camera station 3\AcsService.exe -- (AXIS Camera Station) SRV - [2013.06.13 17:38:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.27 16:19:56 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.04.19 20:55:46 | 001,293,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc) SRV - [2013.03.20 10:07:18 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2013.02.26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV) SRV - [2013.02.26 17:20:55 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental) SRV - [2013.02.08 20:29:56 | 000,295,664 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2012.12.27 21:32:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.03.12 11:05:33 | 000,232,288 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service) SRV - [2010.01.11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.02.22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc) SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.05.28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos) DRV - [2013.04.17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3) DRV - [2013.04.17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf) DRV - [2013.03.20 10:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2013.02.22 19:46:48 | 000,078,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV - [2013.02.22 09:16:54 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2013.02.22 09:16:54 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2013.02.22 09:16:54 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2013.01.03 10:18:04 | 000,040,200 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2013.01.03 10:18:00 | 000,044,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2013.01.03 10:18:00 | 000,044,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2013.01.03 10:18:00 | 000,012,808 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2012.11.12 18:11:11 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox) DRV - [2012.11.02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv) DRV - [2012.10.04 14:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt) DRV - [2012.10.02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.06.13 09:49:46 | 000,062,464 | ---- | M] (Vyacheslav Frolov) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\com0com.sys -- (com0com) DRV - [2011.11.14 20:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel 
| Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.03.30 22:27:40 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder3.sys -- (Spyder3) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.04.06 12:25:34 | 000,049,192 | ---- | M] (Dell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553scard.sys -- (d553scard) DRV - [2008.12.19 14:41:46 | 000,409,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdm2.sys -- (d553mdm2) DRV - [2008.12.19 14:41:46 | 000,375,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553unic.sys -- (d553unic) DRV - [2008.12.19 14:41:46 | 000,365,312 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdm.sys -- (d553mdm) DRV - [2008.12.19 14:41:46 | 000,356,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553card.sys -- (d553card) DRV - [2008.12.19 14:41:46 | 000,281,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553bus.sys -- (d553bus) DRV - 
[2008.12.19 14:41:46 | 000,025,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553nd5.sys -- (d553nd5) DRV - [2008.12.19 14:41:46 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdfl2.sys -- (d553mdfl2) DRV - [2008.12.19 14:41:46 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdfl.sys -- (d553mdfl) DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.06.25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.01 14:57:18 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) DRV - [2005.05.24 23:26:16 | 000,018,432 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys -- (SerMon) DRV - [2005.05.24 23:23:52 | 000,007,632 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys -- (NDMSHLP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
about:blankLBA IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home|hxxp://www.giga.de/my_homepage/0022/" FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5 FF - prefs.js..extensions.enabledAddons: amazon-icon%40winload.de:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.02.28 17:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.27 16:19:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.07 12:55:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.06.06 08:25:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.27 16:19:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.07 12:55:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.30 20:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.06.18 17:36:21 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions [2013.06.13 21:36:29 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de [2013.02.24 14:31:55 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013.03.21 20:11:37 | 000,002,418 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\englische-ergebnisse.xml [2013.03.21 20:11:37 | 000,010,701 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\gmx-suche.xml [2013.03.21 20:11:37 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\lastminute.xml [2013.03.21 20:11:37 | 000,005,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\webde-suche.xml [2013.05.28 11:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions [2013.05.27 16:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.05.27 16:19:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.28 17:01:10 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT O1 HOSTS File: ([2013.06.18 17:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle 
Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-2320774815-1596731653-13179875-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with Download Manager - C:\Program Files\Storage Server\Storage Server\DM\GetUrl.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp:// (CamImage Class) O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp:// (Reg Error: Key error.) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp:// (Reg Error: Key error.) 
O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} hxxp:// (CamImage Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B1E5522-8682-4A04-B07F-AA2E2DAC3817}: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DF2C106-63D4-4FA4-8E9E-83591694EAD3}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F34528-362E-4FDD-A48B-5A7FB2650FF8}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C421BFF7-7F09-4DDE-92DF-738179F4BE96}: DhcpNameServer = O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.18 17:50:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.18 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2013.06.18 17:42:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.18 17:42:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.18 17:42:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.18 17:42:23 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.18 17:42:07 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.18 17:41:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.18 17:41:02 | 005,081,021 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.18 16:51:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.16 07:52:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\feig mit übergabe [2013.06.13 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp8d4cc0a87c6f902a322c6e9299798fe4 [2013.06.13 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp0d761158d422d7dfdb385323b1ed39a2 [2013.06.13 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tempa97fe6dc848d3b26239ec9d17c82b43a [2013.06.13 21:36:28 | 000,000,000 | 
---D | C] -- C:\Users\***\ChromeExtensions [2013.06.09 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Heidebogenlauf_2012 [2013.06.09 14:35:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Heidebogenlauf_2013 [2013.06.09 13:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.06.06 11:28:02 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.06.06 08:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013 [2013.06.06 08:25:32 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys [2013.06.06 08:25:32 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys [2013.06.06 08:25:29 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys [2013.06.06 08:25:28 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys [2013.06.06 08:25:28 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys [2013.06.06 08:25:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Bitdefender [2013.06.06 08:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013.06.06 08:23:14 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys [2013.06.06 08:23:13 | 000,355,744 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys [2013.06.02 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\com0com [2013.06.02 13:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\com0com [2013.06.02 12:09:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.06.02 12:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.06.02 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2013.06.02 12:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2013.06.01 00:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHD Free Serial Port Monitor [2013.06.01 00:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\HHD Software [2013.06.01 00:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HHD Software [2013.06.01 00:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docklight V2.0 [2013.06.01 00:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\FuH [2013.06.01 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.05.29 13:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Storage Server [2013.05.29 13:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Storage Server [2013.05.25 17:02:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\webkit [2013.05.21 18:00:52 | 000,000,000 | ---D | C] -- C:\Intel [2013.05.21 17:54:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.18 17:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.18 17:44:32 | 000,026,928 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 17:44:32 | 000,026,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 17:42:16 | 000,649,450 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.18 17:42:16 | 000,614,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.18 17:42:16 | 000,129,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.18 17:42:16 | 000,105,402 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.18 17:39:33 | 005,081,021 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.18 17:37:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.18 17:37:16 | 2810,683,392 | -HS- | M] () -- C:\hiberfil.sys [2013.06.18 17:36:27 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.06.18 17:34:43 | 000,648,201 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.18 17:28:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.18 16:50:15 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.18 16:06:56 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.18 16:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.14 17:42:19 | 000,023,440 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.06.06 13:31:34 | 388,828,466 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.06 11:28:02 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.06.06 08:25:47 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013.06.06 08:25:47 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013.06.06 08:25:47 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01 [2013.06.06 08:25:40 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.06.06 08:25:40 | 000,000,000 | 
-H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.06.02 12:18:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_vyser_01_09_00.Wdf [2013.05.29 12:17:01 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013.05.28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys [2013.05.27 16:53:10 | 000,025,984 | ---- | M] () -- C:\Windows\System32\drivers\VSPE.sys [2013.05.25 16:43:58 | 000,075,706 | ---- | M] () -- C:\Users\***\Desktop\roh.png [2013.05.21 18:07:17 | 000,015,568 | ---- | M] () -- C:\Windows\System32\results.xml [2013.05.20 22:07:09 | 001,728,512 | ---- | M] () -- C:\Users\***\Documents\Datenbank1.accdb [2013.05.20 22:06:41 | 001,323,008 | ---- | M] () -- C:\Users\***\Documents\test.accdb [2013.05.20 22:06:32 | 000,602,421 | ---- | M] () -- C:\Users\***\Documents\Projekte.accdt [2013.05.20 21:18:09 | 000,905,216 | ---- | M] () -- C:\Users\***\Documents\Studi.accdb [2013.05.20 20:44:16 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.18 17:42:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.18 17:42:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.18 17:42:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.18 17:42:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.18 17:42:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.18 17:36:16 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.06.18 17:34:59 | 000,648,201 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.18 16:56:55 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.18 16:50:15 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.14 17:42:19 | 000,023,440 | ---- 
| C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.06.06 08:25:47 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01 [2013.06.06 08:25:40 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.06.06 08:25:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.06.06 08:25:15 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz [2013.06.06 08:25:15 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01 [2013.06.06 08:25:15 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013.06.06 08:25:15 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013.06.02 12:18:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_vyser_01_09_00.Wdf [2013.05.29 12:17:01 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2013.05.27 16:53:10 | 000,025,984 | ---- | C] () -- C:\Windows\System32\drivers\VSPE.sys [2013.05.25 16:43:58 | 000,075,706 | ---- | C] () -- C:\Users\***\Desktop\roh.png [2013.05.21 18:07:17 | 000,015,568 | ---- | C] () -- C:\Windows\System32\results.xml [2013.05.20 22:06:41 | 001,728,512 | ---- | C] () -- C:\Users\***\Documents\Datenbank1.accdb [2013.05.20 22:06:32 | 000,602,421 | ---- | C] () -- C:\Users\***\Documents\Projekte.accdt [2013.05.20 21:08:18 | 000,905,216 | ---- | C] () -- C:\Users\***\Documents\Studi.accdb [2013.05.20 20:49:15 | 001,323,008 | ---- | C] () -- C:\Users\***ten\Documents\test.accdb [2013.04.07 10:12:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2013.04.07 10:12:31 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2013.03.19 17:31:54 | 009,731,000 | ---- | C] () -- C:\Users\***\DELL_WIRELESS-5530-HSPA-MINI_A07_R220893.exe [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 
000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.11.26 05:08:49 | 000,649,450 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.11.26 05:08:49 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.11.26 05:08:49 | 000,129,020 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.11.26 05:08:49 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.11.25 23:01:40 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.11.25 23:01:40 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.11.25 23:01:04 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2012.11.25 23:00:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2012.11.25 20:20:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2012.07.04 17:56:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\JavaWrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.27 21:18:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Bitdefender [2013.01.23 12:49:57 | 000,000,000 | ---D | M] -- C:\Users\ski\AppData\Roaming\Bitdefender [2013.05.30 09:41:17 | 000,000,000 | ---D | M] -- C:\Users\ski\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > |
#6 |
Background program suspected! OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2013 17:54:06 - Run 2 OTL by OldTimer - Version Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 63,28% Memory free 6,98 Gb Paging File | 5,66 Gb Available in Paging File | 81,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,14 Gb Total Space | 70,92 Gb Free Space | 59,53% Space Free | Partition Type: NTFS Computer Name: TORSTEN-PC | User Name: Torsten | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.18 16:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.27 16:19:56 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013.05.27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe PRC - [2013.04.24 17:17:38 | 001,611,784 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe PRC - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013.04.19 20:55:46 | 001,293,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe PRC - [2013.03.28 11:32:34 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.03.28 11:32:32 | 001,511,792 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2013.03.20 10:07:18 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2013.02.26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe PRC - [2013.02.21 04:44:22 | 002,238,704 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe PRC - [2013.02.21 04:43:48 | 000,365,808 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe PRC - [2013.02.08 20:32:00 | 000,150,768 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.10.12 16:45:37 | 001,324,384 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe PRC - [2010.01.11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2009.02.24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2008.02.22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007.09.13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe PRC - [2007.07.02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) 
-- C:\Program Files\DellTPad\Apoint.exe PRC - [2007.05.22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2006.09.08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2013.06.09 20:56:32 | 006,891,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\dc3fdc23f6516b3a7f1e2c8331d7e9de\DeviceHost.ni.dll MOD - [2013.05.27 16:19:55 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013.05.25 14:56:52 | 017,490,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\981f47ca4918ad980c186bd8e87e2714\Kies.Theme.ni.dll MOD - [2013.05.25 14:56:51 | 000,611,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\2968bf136dea2e9067dab3a33e6b4e79\DevicePodcast.ni.dll MOD - [2013.05.25 14:56:51 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\b29426aeb9455161ea12b87cda0ba5dc\DummyStorePlugin.ni.dll MOD - [2013.05.25 14:56:50 | 000,294,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\c3313e8e25da6201783c17dfaa5b0496\DeviceVideo.ni.dll MOD - [2013.05.25 14:56:49 | 000,349,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\aabdab07376e89e51c874bf9317e4dc7\DevicePhoto.ni.dll MOD - [2013.05.25 14:56:48 | 000,302,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ebb58456cb633e779aa4e138ed0fed27\DeviceMusic.ni.dll MOD - [2013.05.25 14:56:47 | 000,470,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\3748f813d0f58499af4d415eb916fc3e\VideoManager.ni.dll MOD - [2013.05.25 14:56:46 | 000,778,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\9496fd8f78b04dd17355f45e18a22be9\PhotoManager.ni.dll MOD - [2013.05.25 
14:56:45 | 001,979,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\b963ec0e84642810e0bc4c2f89739998\Phonebook.ni.dll MOD - [2013.05.25 14:56:42 | 000,941,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\3d3de392d7b52801076f0e9f78d9477f\MusicManager.ni.dll MOD - [2013.05.25 14:56:41 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\d676ff1bf0767470c9a5560f1aa2d14d\BATPlugin.ni.dll MOD - [2013.05.25 14:56:37 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2f8537926b7e4379d2e08dfa585f5f1\Kies.Common.MediaDB.ni.dll MOD - [2013.05.25 14:56:37 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\73aff30f19962e3fb19442930a7c40a7\Kies.Common.StoreManager.ni.dll MOD - [2013.05.25 14:56:36 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\47de253a8d7dd978e6f8d6f38340bc1f\ASF_cSharpAPI.ni.dll MOD - [2013.05.25 14:56:36 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b44b3d6f3419c0ab9d18515897de9d1c\Kies.Common.AllShare.ni.dll MOD - [2013.05.25 14:56:35 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\6a0fc4cdacb74e4e86f529a2151cb551\Kies.Common.CRMManager.ni.dll MOD - [2013.05.25 14:56:35 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\cd4d2be1cc192ac58b54cbcef3da4267\Kies.Common.DBManager.ni.dll MOD - [2013.05.25 14:56:34 | 000,201,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a756ec00423ef4f254d7b265abbe51\Kies.Common.MainUI.ni.dll MOD - [2013.05.25 14:56:33 | 000,283,648 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0c50720e6df047feaea9d1373218ef98\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.05.25 14:56:33 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\05f34c55cc3087dd715d09d4d4d472f6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.05.25 14:56:32 | 000,583,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\092d19a3f8e23190733777a43fef7625\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.25 14:56:32 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\aa38ba603d11850b202aa5145df0998b\Interop.DevFileServiceLib.ni.dll MOD - [2013.05.25 14:56:31 | 001,180,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\023d7461d211849b8378c5ee2d8cdcc4\Kies.Common.DeviceService.ni.dll MOD - [2013.05.25 14:56:29 | 001,138,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\b8f52febfa59a72983e95ff7fbee3530\Podcaster.ni.dll MOD - [2013.05.25 14:56:27 | 000,701,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\797da83b62561a9fdcf939acf2c81175\DeviceCommonLib.ni.dll MOD - [2013.05.25 14:56:26 | 000,732,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\309df18b43e646e1c64f47d5bb21dada\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.05.25 14:56:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\34f367d44c1562ab56aa05eaed2f91d5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.05.25 14:56:09 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f41b2d52c6b4992965ed42b7508b8acf\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.05.25 14:56:03 | 
000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\01935cef9ea3ddde60c2b310558344aa\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\4f53a1e1b55059e985cbd4208cbbed45\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2f449d48a3aec93521d145df401129e\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.05.25 14:56:03 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\fc90db09cc6cba4b0bd4740b21b72b5c\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.05.25 14:56:01 | 002,201,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c89138378589f1d533571dfaa839b44d\Kies.Common.Multimedia.ni.dll MOD - [2013.05.25 14:55:59 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8aab3ec4ac5c9ba00fd328816c82c2ae\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.05.25 14:55:58 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3621b825f8134d3d0046664aa1f56077\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.05.25 14:55:47 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\61776ec0db133130d3658f9c0bc49ab9\CabLib.ni.dll MOD - [2013.05.25 14:55:47 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\acf0e739a5df2f4fe0423eac282a43fd\Kies.Common.Util.ni.dll MOD - [2013.05.25 14:55:46 | 001,618,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\8f73b7d658ead2bc1693551c7e6835ef\Kies.Locale.ni.dll MOD - [2013.05.25 14:55:46 | 000,052,224 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\5e7660d7a2dd8241b3de09ad6053d44f\Interop.DeviceSearchLib.ni.dll MOD - [2013.05.25 14:55:45 | 001,926,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\88e8e2b97065473f8a653ebbdf20d8c7\Kies.UI.ni.dll MOD - [2013.05.25 14:55:45 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\9bef0062ce6063229092af8c83cbd955\Kies.MVVM.ni.dll MOD - [2013.05.25 14:55:43 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\38de67b8d7313ef36676f4e0b5a0ec0d\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.25 14:55:42 | 001,260,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\4e846e1974a75dd1c5dc55445ec2312b\Kies.Interface.ni.dll MOD - [2013.05.25 14:55:32 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a\System.ServiceProcess.ni.dll MOD - [2013.05.25 14:55:22 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\18827146ec2b471d01410b0e7639653d\System.Runtime.Remoting.ni.dll MOD - [2013.05.25 14:55:15 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.05.25 14:55:13 | 002,117,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\16869c24e27fb629bad51a6c777383e1\Kies.ni.exe MOD - [2013.05.25 13:27:37 | 015,882,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\5a482e5d6b781b7cef30ce7c20caf96a\MenuSkinning.ni.dll MOD - [2013.05.25 13:26:55 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\ce5f3c95d85ce4e4ee12dcb6fd50876c\VistaBridgeLibrary.ni.dll MOD - [2013.05.25 13:26:52 | 001,051,136 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.05.25 13:26:51 | 002,584,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\fc8099175daa93a47757849ddd805b8e\DellDock.ni.exe MOD - [2013.05.25 13:26:50 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\c44d4e9a2f5a9e2988dfaa2d6b591b9e\MyDock.Util.ni.dll MOD - [2013.05.25 13:26:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.25 13:26:26 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.05.25 13:25:57 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.05.25 13:25:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\56765d6988c0fc573c31d3c6066fc704\System.Configuration.ni.dll MOD - [2013.05.25 13:25:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.05.25 13:25:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.05.25 13:25:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.05.21 16:01:37 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013.05.20 22:31:39 | 005,617,664 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.05.20 22:31:38 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013.05.20 22:31:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013.05.20 22:31:33 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013.05.20 22:31:27 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013.05.20 22:31:24 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.05.20 22:30:59 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2013.02.26 17:13:13 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll MOD - [2012.04.27 16:08:08 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WebcamSoft\NetCamCenter\nccsvc.exe -- 
(Webcam Corp. Service Starter) SRV - File not found [Auto | Stopped] -- c:\program files\axis communications\axis camera station 3\AcsService.exe -- (AXIS Camera Station) SRV - [2013.06.13 17:38:01 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.27 16:19:56 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.27 11:36:54 | 001,345,008 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV) SRV - [2013.04.23 09:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.04.19 20:55:46 | 001,293,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc) SRV - [2013.03.20 10:07:18 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2013.02.26 17:33:03 | 000,055,984 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV) SRV - [2013.02.26 17:20:55 | 000,062,688 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental) SRV - [2013.02.08 20:29:56 | 000,295,664 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2012.12.27 21:32:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.03.12 11:05:33 | 000,232,288 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service) SRV - [2010.01.11 20:20:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.02.22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc) SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.05.28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos) DRV - [2013.04.17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3) DRV - [2013.04.17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf) DRV - [2013.03.20 10:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2013.02.22 19:46:48 | 000,078,144 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf) DRV - [2013.02.22 09:16:54 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2013.02.22 09:16:54 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2013.02.22 09:16:54 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2013.01.03 10:18:04 | 000,040,200 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2013.01.03 10:18:00 | 000,044,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2013.01.03 10:18:00 | 000,044,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb) DRV - [2013.01.03 10:18:00 | 000,012,808 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd) DRV - [2012.11.12 18:11:11 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox) DRV - [2012.11.02 14:17:14 | 000,242,504 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv) DRV - [2012.10.04 14:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt) DRV - [2012.10.02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.06.13 09:49:46 | 000,062,464 | ---- | M] (Vyacheslav Frolov) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\com0com.sys -- (com0com) DRV - [2011.11.14 20:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf) DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel 
| Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.03.30 22:27:40 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Spyder3.sys -- (Spyder3) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.04.06 12:25:34 | 000,049,192 | ---- | M] (Dell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553scard.sys -- (d553scard) DRV - [2008.12.19 14:41:46 | 000,409,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdm2.sys -- (d553mdm2) DRV - [2008.12.19 14:41:46 | 000,375,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553unic.sys -- (d553unic) DRV - [2008.12.19 14:41:46 | 000,365,312 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdm.sys -- (d553mdm) DRV - [2008.12.19 14:41:46 | 000,356,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553card.sys -- (d553card) DRV - [2008.12.19 14:41:46 | 000,281,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553bus.sys -- (d553bus) DRV - 
[2008.12.19 14:41:46 | 000,025,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553nd5.sys -- (d553nd5) DRV - [2008.12.19 14:41:46 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdfl2.sys -- (d553mdfl2) DRV - [2008.12.19 14:41:46 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\d553mdfl.sys -- (d553mdfl) DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.06.25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.06.01 14:57:18 | 000,178,176 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) DRV - [2005.05.24 23:26:16 | 000,018,432 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys -- (SerMon) DRV - [2005.05.24 23:23:52 | 000,007,632 | ---- | M] (HHD Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys -- (NDMSHLP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
about:blankLBA IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home|hxxp://www.giga.de/my_homepage/0022/" FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5 FF - prefs.js..extensions.enabledAddons: amazon-icon%40winload.de:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.02.28 17:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.27 16:19:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.07 12:55:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.06.06 08:25:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.27 16:19:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.07 12:55:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.30 20:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.06.18 17:36:21 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions [2013.06.13 21:36:29 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de [2013.02.24 14:31:55 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013.03.21 20:11:37 | 000,002,418 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\englische-ergebnisse.xml [2013.03.21 20:11:37 | 000,010,701 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\gmx-suche.xml [2013.03.21 20:11:37 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\lastminute.xml [2013.03.21 20:11:37 | 000,005,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\searchplugins\webde-suche.xml [2013.05.28 11:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions [2013.05.27 16:19:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.05.27 16:19:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.28 17:01:10 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT O1 HOSTS File: ([2013.06.18 17:49:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle 
Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Reg Error: Value error.) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-2320774815-1596731653-13179875-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2320774815-1596731653-13179875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Download with Download Manager - C:\Program Files\Storage Server\Storage Server\DM\GetUrl.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp:// (CamImage Class) O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp:// (Reg Error: Key error.) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp:// (Reg Error: Key error.) 
O16 - DPF: {E6644870-F140-11D4-B761-00D0B73F3C8E} hxxp:// (CamImage Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B1E5522-8682-4A04-B07F-AA2E2DAC3817}: NameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DF2C106-63D4-4FA4-8E9E-83591694EAD3}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1F34528-362E-4FDD-A48B-5A7FB2650FF8}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C421BFF7-7F09-4DDE-92DF-738179F4BE96}: DhcpNameServer = O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.18 17:50:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.18 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2013.06.18 17:42:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.18 17:42:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.18 17:42:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.18 17:42:23 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.18 17:42:07 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.18 17:41:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.18 17:41:02 | 005,081,021 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.18 16:51:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.16 07:52:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\feig mit übergabe [2013.06.13 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp8d4cc0a87c6f902a322c6e9299798fe4 [2013.06.13 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp0d761158d422d7dfdb385323b1ed39a2 [2013.06.13 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tempa97fe6dc848d3b26239ec9d17c82b43a [2013.06.13 21:36:28 | 000,000,000 | 
---D | C] -- C:\Users\***\ChromeExtensions [2013.06.09 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Heidebogenlauf_2012 [2013.06.09 14:35:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Heidebogenlauf_2013 [2013.06.09 13:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.06.06 11:28:02 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.06.06 08:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2013 [2013.06.06 08:25:32 | 000,078,144 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys [2013.06.06 08:25:32 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys [2013.06.06 08:25:29 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys [2013.06.06 08:25:28 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys [2013.06.06 08:25:28 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys [2013.06.06 08:25:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Bitdefender [2013.06.06 08:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender [2013.06.06 08:23:14 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys [2013.06.06 08:23:13 | 000,355,744 | ---- | C] (BitDefender S.R.L.) 
-- C:\Windows\System32\drivers\trufos.sys [2013.06.02 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\com0com [2013.06.02 13:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\com0com [2013.06.02 12:09:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.06.02 12:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.06.02 12:09:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2013.06.02 12:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2013.06.01 00:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HHD Free Serial Port Monitor [2013.06.01 00:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\HHD Software [2013.06.01 00:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HHD Software [2013.06.01 00:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docklight V2.0 [2013.06.01 00:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\FuH [2013.06.01 00:11:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.05.29 13:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Storage Server [2013.05.29 13:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Storage Server [2013.05.25 17:02:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\webkit [2013.05.21 18:00:52 | 000,000,000 | ---D | C] -- C:\Intel [2013.05.21 17:54:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.18 17:49:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.18 17:44:32 | 000,026,928 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 17:44:32 | 000,026,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 17:42:16 | 000,649,450 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.18 17:42:16 | 000,614,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.18 17:42:16 | 000,129,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.18 17:42:16 | 000,105,402 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.18 17:39:33 | 005,081,021 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.18 17:37:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.18 17:37:16 | 2810,683,392 | -HS- | M] () -- C:\hiberfil.sys [2013.06.18 17:36:27 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.06.18 17:34:43 | 000,648,201 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.18 17:28:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.18 16:50:15 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.18 16:06:56 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.18 16:06:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.14 17:42:19 | 000,023,440 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.06.06 13:31:34 | 388,828,466 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.06 11:28:02 | 000,072,704 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys [2013.06.06 08:25:47 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01 [2013.06.06 08:25:47 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr [2013.06.06 08:25:47 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01 [2013.06.06 08:25:40 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.06.06 08:25:40 | 000,000,000 | 
-H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.06.02 12:18:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_vyser_01_09_00.Wdf [2013.05.29 12:17:01 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013.05.28 12:11:21 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys [2013.05.27 16:53:10 | 000,025,984 | ---- | M] () -- C:\Windows\System32\drivers\VSPE.sys [2013.05.25 16:43:58 | 000,075,706 | ---- | M] () -- C:\Users\***\Desktop\roh.png [2013.05.21 18:07:17 | 000,015,568 | ---- | M] () -- C:\Windows\System32\results.xml [2013.05.20 22:07:09 | 001,728,512 | ---- | M] () -- C:\Users\***\Documents\Datenbank1.accdb [2013.05.20 22:06:41 | 001,323,008 | ---- | M] () -- C:\Users\***\Documents\test.accdb [2013.05.20 22:06:32 | 000,602,421 | ---- | M] () -- C:\Users\***\Documents\Projekte.accdt [2013.05.20 21:18:09 | 000,905,216 | ---- | M] () -- C:\Users\***\Documents\Studi.accdb [2013.05.20 20:44:16 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.18 17:42:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.18 17:42:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.18 17:42:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.18 17:42:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.18 17:42:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.18 17:36:16 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.06.18 17:34:59 | 000,648,201 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.18 16:56:55 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.18 16:50:15 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.14 17:42:19 | 000,023,440 | ---- 
| C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.06.06 08:25:47 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01 [2013.06.06 08:25:40 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Safepay.lnk [2013.06.06 08:25:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_avchv_01009.Wdf [2013.06.06 08:25:15 | 036,573,121 | -H-- | C] () -- C:\bdr-im01.gz [2013.06.06 08:25:15 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01 [2013.06.06 08:25:15 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01 [2013.06.06 08:25:15 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr [2013.06.02 12:18:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_vyser_01_09_00.Wdf [2013.05.29 12:17:01 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2013.05.27 16:53:10 | 000,025,984 | ---- | C] () -- C:\Windows\System32\drivers\VSPE.sys [2013.05.25 16:43:58 | 000,075,706 | ---- | C] () -- C:\Users\***\Desktop\roh.png [2013.05.21 18:07:17 | 000,015,568 | ---- | C] () -- C:\Windows\System32\results.xml [2013.05.20 22:06:41 | 001,728,512 | ---- | C] () -- C:\Users\***\Documents\Datenbank1.accdb [2013.05.20 22:06:32 | 000,602,421 | ---- | C] () -- C:\Users\***\Documents\Projekte.accdt [2013.05.20 21:08:18 | 000,905,216 | ---- | C] () -- C:\Users\***\Documents\Studi.accdb [2013.05.20 20:49:15 | 001,323,008 | ---- | C] () -- C:\Users\***ten\Documents\test.accdb [2013.04.07 10:12:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2013.04.07 10:12:31 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2013.03.19 17:31:54 | 009,731,000 | ---- | C] () -- C:\Users\***\DELL_WIRELESS-5530-HSPA-MINI_A07_R220893.exe [2012.12.18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 
000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.11.26 05:08:49 | 000,649,450 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.11.26 05:08:49 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.11.26 05:08:49 | 000,129,020 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.11.26 05:08:49 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.11.25 23:01:40 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.11.25 23:01:40 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.11.25 23:01:04 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2012.11.25 23:00:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2012.11.25 20:20:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2012.07.04 17:56:00 | 000,061,440 | ---- | C] () -- C:\Windows\System32\JavaWrapper.dll ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.12.27 21:18:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Bitdefender [2013.01.23 12:49:57 | 000,000,000 | ---D | M] -- C:\Users\ski\AppData\Roaming\Bitdefender [2013.05.30 09:41:17 | 000,000,000 | ---D | M] -- C:\Users\ski\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > |
#7 | /// TB-Ausbilder

Hello, so far I can't make out all that much.. Quote:

__________________ cheers, Leo
#8

Hi, the last one was an Amazon icon, which however pointed to winload. Regards
#9 | /// TB-Ausbilder

Hello, and are such icons still being created at the moment, or has it stopped?

__________________ cheers, Leo
#10

Hello, no further incidents so far.
#11 | /// TB-Ausbilder

OK, then one more check, and closing existing security holes.

Step 1
Fix with OTL

```
:OTL
[2013.06.13 21:36:29 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de
FF - prefs.js..extensions.enabledAddons: amazon-icon%40winload.de:1.0
:commands
[emptytemp]
```

Step 2
Please download

Step 3
ESET Online Scanner

Step 4
Please download

Please post in your next reply:

__________________ cheers, Leo
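Added example (not part of the thread and not OTL's own code): a Python sketch that parses OTL file entries in the format of the log posted above, including the flattened one-line form, and lists what was created within a minute of the `amazon-icon@winload.de` extension that the fix in post #11 removes. The sample lines are copied from the thread's OTL log; the class and function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample input: entries copied from the OTL log in this thread (user name masked as ***).
SAMPLE_LOG = r"""
[2013.06.13 21:36:29 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de
[2013.06.13 21:36:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp8d4cc0a87c6f902a322c6e9299798fe4
[2013.06.13 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp0d761158d422d7dfdb385323b1ed39a2
[2013.06.13 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Tempa97fe6dc848d3b26239ec9d17c82b43a
[2013.06.13 21:36:28 | 000,000,000 | ---D | C] -- C:\Users\***\ChromeExtensions
[2013.06.09 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Heidebogenlauf_2012
[2013.06.06 11:28:02 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2013.02.24 14:31:55 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\7a72tyc5.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013.06.18 17:37:16 | 2810,683,392 | -HS- | M] () -- C:\hiberfil.sys
"""

# "[date time | size | attributes | C or M]" opens every file/folder entry.
HEADER_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})\s*\|\s*(?P<size>[\d,]+)"
    r"\s*\|\s*(?P<attrs>[-RHSD]{4})\s*\|\s*(?P<kind>[CM])\]"
)


@dataclass
class OtlEntry:
    when: datetime
    size: int
    attrs: str   # e.g. "---D" for a directory, "-HS-" for hidden + system
    kind: str    # "C" = created, "M" = modified
    label: str   # text in parentheses: company or extension name, "" if none
    path: str


def parse_otl(text):
    """Parse OTL file entries; works whether entries are on separate lines
    or run together on one line, as in a flattened forum post."""
    entries = []
    headers = list(HEADER_RE.finditer(text))
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        # Stop at a section banner such as "========== Files - Modified ..."
        body = text[m.end():end].split("==========")[0]
        label_part, sep, path = body.partition(" -- ")
        if not sep:
            continue  # not a "label -- path" entry
        label = " ".join(n for n in re.findall(r"\(([^()]*)\)", label_part) if n)
        entries.append(OtlEntry(
            when=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            label=label,
            path=path.strip(),
        ))
    return entries


def created_alongside(entries, needle, window=timedelta(seconds=60)):
    """Entries whose timestamp lies within `window` of the entry matching `needle`."""
    anchors = [e for e in entries if needle.lower() in e.path.lower()]
    if not anchors:
        return []
    t0 = min(a.when for a in anchors)
    hits = [e for e in entries if e not in anchors and abs(e.when - t0) <= window]
    return sorted(hits, key=lambda e: e.when)


def profile_extensions(entries):
    """Names of items installed inside a Firefox profile's extensions folder."""
    out = []
    for e in entries:
        p = e.path.lower()
        if "\\firefox\\profiles\\" in p and "\\extensions\\" in p:
            out.append(e.path.rsplit("\\", 1)[-1])
    return out


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    print("Profile extensions:", profile_extensions(parsed))
    for hit in created_alongside(parsed, "amazon-icon@winload.de"):
        print(hit.when, hit.kind, hit.path)
```

On the sample, the three `Temp<hex>` folders and `C:\Users\***\ChromeExtensions` fall within the same few seconds as the extension folder, which makes them candidates for review in the same cleanup.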
#12

Sorry, I didn't get around to it sooner.

HTML-Code: All processes killed ========== OTL ========== C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\plugins folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\components folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\chrome\locale\de-DE folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\chrome\locale folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\chrome\icons\default folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\chrome\icons folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\chrome\content folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de\chrome folder moved successfully. C:\Users\Torsten\AppData\Roaming\mozilla\Firefox\Profiles\7a72tyc5.default\extensions\amazon-icon@winload.de folder moved successfully. 
Prefs.js: amazon-icon%40winload.de:1.0 removed from extensions.enabledAddons ========== COMMANDS ========== [EMPTYTEMP] User: admin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 17076848 bytes ->Flash cache emptied: 662 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: ski ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 195 bytes ->Java cache emptied: 56782 bytes ->FireFox cache emptied: 32515122 bytes ->Flash cache emptied: 492 bytes User: Torsten ->Temp folder emptied: 2133679 bytes ->Temporary Internet Files folder emptied: 15214805 bytes ->Java cache emptied: 522627 bytes ->FireFox cache emptied: 120169683 bytes ->Flash cache emptied: 19665 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10642 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 179,00 mb OTL by OldTimer - Version log created on 06242013_103415 Files\Folders moved on Reboot... C:\Windows\temp\FireFly(20130624103141804).log moved successfully. C:\Windows\temp\integratedoffice.exe_c2rdll(20130624103141804).log moved successfully. C:\Windows\temp\integratedoffice.exe_c2ruidll(20130624103141804).log moved successfully. C:\Windows\temp\integratedoffice.exe_streamserver(20130624103141804).log moved successfully. File move failed. C:\Windows\temp\ood_stream.x86.de-de.dat scheduled to be moved on reboot. File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... 
HTML-Code: Malwarebytes Anti-Malware Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.06.24.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16618 Torsten :: TORSTEN-PC [Administrator] 24.06.2013 10:40:44 mbam-log-2013-06-24 (10-40-44).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 254834 Laufzeit: 4 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Torsten\Downloads\WirelessKeyView_1.60.zip (PUP.WirelessKeyView) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
(Ende)

HTML-Code: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe= # OnlineScanner.ocx= # api_version=3.0.2 # EOSSerial=0d7d3bab42fb7c478bffce0d13aea855 # engine=14141 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-06-24 09:22:28 # local_time=2013-06-24 11:22:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 18170035 123696939 0 0 # scanned=121926 # found=1 # cleaned=0 # scan_time=1968 sh=A23519E8073FDB68C377074CFC41DEF71AD03D44 ft=1 fh=ca61199ae536065a vn="Win32/StartPage.OPH trojan" ac=I fn="C:\Users\Torsten\Downloads\vlc-2.0.4-win32.exe"

HTML-Code: Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 [b][u]``````````````Antivirus/Firewall Check:``````````````[/u][/b][u][/u] Bitdefender Virenschutz Antivirus up to date! [b][u]`````````Anti-malware/Other Utilities Check:`````````[/u][/b][u][/u] Malwarebytes Anti-Malware Version Java 7 Update 21 Adobe Flash Player 11.7.700.224 Mozilla Firefox (21.0) Mozilla Thunderbird (17.0.6) [b][u]````````Process Check: objlist.exe by Laurent````````[/u][/b][u][/u] Bitdefender Bitdefender 2013 vsserv.exe Bitdefender Bitdefender 2013 updatesrv.exe Bitdefender Bitdefender 2013 bdagent.exe Bitdefender Bitdefender 2013 BdParentalSysTray.exe [b][u]`````````````````System Health check`````````````````[/u][/b][u][/u] Total Fragmentation on Drive C: [b][u]````````````````````End of Log``````````````````````[/u][/b][u][/u]

Edited by danken (24.06.2013 at 09:52)
#13 | /// TB-Ausbilder

Hello, looks good. The download source for the VLC player is videolan.org and not vlc.de or similar. The latter each come with bundled advertising extras, as the ESET finding shows. Let's clean up.

Step 1
Your Java is no longer up to date. Older versions contain security holes that malware can abuse for infection via drive-by download. The current version is Java 7 Update 25.

So consider whether you really need a Java installation. If you want to keep using Java, then:

Then check with this plugin check (with Firefox here) whether all the versions you use are now up to date, and update them otherwise.

Cleanup
Finally, we will now clear away our tools (including the quarantine folders), delete the infected system restore points and put all settings back in order. These steps are also still important and should be carried out in the order given.

>> OK <<
We're done; your logs look clean to me at the moment. I have put together a few notes and tips for you below, which should help ensure that you won't need our help again in future. After that, please give me brief feedback once there are no more problems or questions open on your side either, so that I can consider this topic settled.

Epilogue: Tips, Dos & Don'ts

The Windows operating system must always be fully up to date. Make sure that automatic updates are enabled:

Installed software should also always be at the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.

A remark up front: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.

It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which two useful add-ons can be recommended:

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user. Visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner currently detects no threat in them, that does not have to mean anything.

Often an attempt is also made to get the user, with more or less tricky methods, to carry out an action that is disastrous for them (umbrella term: social engineering).

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along with other software by the user.

Finally, a few more general remarks:

If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.

__________________ cheers, Leo
#14

Hello, many thanks for your help. As far as I can judge, I have had no more problems so far. Java is a tool that I urgently need, as I have some self-developed tools that only run on Java. Regards, and thanks once again
#15 | /// TB-Ausbilder

Thanks for the feedback. Glad we could help. If you would like to give the forum suggestions for improvement, criticism or praise, you can do that here. This topic appears to be settled and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need the topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.

__________________ cheers, Leo