Kaiuslongus | 20.03.2014 14:37 | GVU trojan in the Google browser!
Hello Trojaner team, and a special hello to schrauber, who has already helped me out brilliantly once before.
I don't know whether I have "it" now, but in the Google browser this appeared:
your PC has been locked, blah blah blah
About the problem:
- caught the aforementioned GVU trojan in the Google browser
- unfortunately the user shut the PC down in sheer panic
About the PC problem:
- takes a long time to boot up and shut down (subjective opinion)
- from then on Google just kept crashing
- other browsers did not start either
What I have done:
- activated a restore point (was not so great, did not work, system "mixed up")
- Bitdefender found nothing
I followed your instructions - I hope I did everything correctly - and the requested log files are attached.
Since I was helped so well before, I naturally end up with you again.
Many thanks for your help
DEFOGGER: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:32 on 20/03/2014 (Nick)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Nick (administrator) on NICKS-W7 on 20-03-2014 12:34:18
Running from C:\Users\Nick\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files\Core Temp\Core Temp.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\dexpot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dexpot GbR) C:\Program Files (x86)\Dexpot\Dexpot64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\BdParentalSysTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
() C:\Users\Nick\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1575192 2014-03-19] (Bitdefender)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Agent] - "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse] - "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender-Geldbörse-Anwendungs-Agent] - "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\Run: [696975F877CEE120328F887DF7C10CABCB6D4EB5._service_run] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\Run: [NTRedirect] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Nick\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\MountPoints2: {33f6cb84-60c3-11e3-b340-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-699013304-1416678476-2723027378-1000\...\MountPoints2: {7e19b335-540b-11e1-b9ef-001d7d02fcf5} - E:\Startme.exe
Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=082F001D7D02FCF5&affID=119357&tsp=4978
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {2F646D09-32FE-4E48-95D3-790F50611C3E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {2F646D09-32FE-4E48-95D3-790F50611C3E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {2F646D09-32FE-4E48-95D3-790F50611C3E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - 470DC7F397B64CC4B5AC2784BBE5DAC6 URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE467
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=082F001D7D02FCF5&affID=119357&tsp=4978
SearchScopes: HKCU - {2F646D09-32FE-4E48-95D3-790F50611C3E} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {45384A7E-927E-4F23-BC4A-76261740F197} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7GGHP_deDE467
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 02 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 03 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 04 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 05 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 06 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 07 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 08 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 09 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 10 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9 22 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)
Winsock: Catalog9-x64 01 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 02 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 03 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 04 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 05 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 06 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 07 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 08 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 09 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 10 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Winsock: Catalog9-x64 22 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [117296] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\imsz3ba5.default-1389275296788
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll (VideoDownloadConverter)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2014-03-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-03]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2014-03-19]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-03]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: suchmaschine
CHR DefaultSearchProvider: SuchMaschine
CHR DefaultSearchURL: hxxp://www.sm.de/?q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (ChromeUtilPlugin) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\19.52819_0\background/ChromeUtilPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-28]
CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-09]
CHR Extension: (Google-Suche) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-09]
CHR Extension: (Delta Toolbar) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-08-18]
CHR Extension: (Google Wallet) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Google Mail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-09]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Nick\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-09]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-09]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Nick\AppData\Roaming\BabSolution\CR\Delta.crx [2013-08-18]
==================== Services (Whitelisted) =================
R2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-10-24] (Bitdefender)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2013-07-19] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2014-03-19] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1645256 2014-03-19] (Bitdefender)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-25] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [727592 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2013-09-15] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [601360 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-03-19] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2014-03-19] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2013-09-15] (BitDefender)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2014-03-19] (BitDefender LLC)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-25] ()
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
R2 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2014-03-19] (BitDefender S.R.L.)
R3 ALSysIO; \??\C:\Users\Nick\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-20 12:34 - 2014-03-20 12:34 - 00024688 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-03-20 12:34 - 2014-03-20 12:34 - 00000000 ____D () C:\FRST
2014-03-20 12:33 - 2014-03-20 12:33 - 02157056 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-03-20 12:32 - 2014-03-20 12:32 - 00000470 _____ () C:\Users\Nick\Desktop\defogger_disable.log
2014-03-20 12:32 - 2014-03-20 12:32 - 00000000 _____ () C:\Users\Nick\defogger_reenable
2014-03-20 12:30 - 2014-03-20 12:30 - 00050477 _____ () C:\Users\Nick\Desktop\Defogger.exe
2014-03-19 21:24 - 2014-03-19 21:24 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-03-19 20:57 - 2014-03-19 20:57 - 00544897 _____ () C:\ProgramData\1395258514.bdinstall.bin
2014-03-19 20:57 - 2014-03-19 20:57 - 00002246 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-03-19 20:57 - 2014-03-19 20:57 - 00002127 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
2014-03-19 20:57 - 2014-03-19 20:57 - 00000403 ____H () C:\bdr-cf01
2014-03-19 20:57 - 2014-03-19 20:57 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Bitdefender
2014-03-19 20:50 - 2014-03-19 20:57 - 00253404 ____H () C:\bdr-ld01
2014-03-19 20:50 - 2014-03-19 20:57 - 00009216 ____H () C:\bdr-ld01.mbr
2014-03-19 20:50 - 2012-06-28 16:09 - 35176809 ____H () C:\bdr-im01.gz
2014-03-19 20:50 - 2012-05-24 13:39 - 02294848 ____H () C:\bdr-bz01
2014-03-19 20:49 - 2014-03-19 20:57 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-03-19 20:49 - 2014-03-19 19:45 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-03-19 20:49 - 2014-03-19 19:45 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-03-19 19:46 - 2014-03-20 07:12 - 00002458 _____ () C:\Windows\PFRO.log
2014-03-19 19:45 - 2014-03-19 19:45 - 00535160 _____ () C:\ProgramData\1395254131.bdinstall.bin
2014-03-19 19:44 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-19 19:44 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-19 19:44 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-19 19:44 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-19 19:44 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-19 19:44 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-19 19:44 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-19 19:44 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-19 19:44 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-19 19:44 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-19 19:44 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-19 19:44 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-19 19:44 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-19 19:44 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-19 19:44 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-19 19:44 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-19 19:44 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-19 19:44 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-19 19:44 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-19 19:44 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-19 19:44 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-19 19:44 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-19 19:44 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-19 19:44 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-19 19:44 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-19 19:44 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-19 19:44 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-19 19:44 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-19 19:44 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-19 19:44 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-19 19:44 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-19 19:44 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-19 19:44 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-19 19:44 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-19 19:44 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-19 19:39 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-19 19:39 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-19 19:37 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-19 19:37 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 13:04 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 13:04 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 13:04 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 13:04 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 13:04 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 13:04 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 13:04 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 13:04 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 13:04 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-08 14:42 - 2014-03-19 19:27 - 00000000 ____D () C:\Users\Nick\Downloads\Kapitän Phillips
2014-02-21 14:37 - 2014-03-12 13:37 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-20 16:19 - 2014-02-20 16:19 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SanDisk SecureAccess
2014-02-19 16:36 - 2014-03-19 19:27 - 00000000 ____D () C:\Users\Nick\Downloads\Supernatural Staffel 6
2014-02-19 16:33 - 2014-03-19 19:27 - 00000000 ____D () C:\Users\Nick\Downloads\Supernatural Staffel 5
2014-02-19 16:31 - 2014-03-19 19:27 - 00000000 ____D () C:\Users\Nick\Downloads\Supernatural Staffel 4
==================== One Month Modified Files and Folders =======
2014-03-20 12:34 - 2014-03-20 12:34 - 00024688 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-03-20 12:34 - 2014-03-20 12:34 - 00000000 ____D () C:\FRST
2014-03-20 12:33 - 2014-03-20 12:33 - 02157056 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-03-20 12:32 - 2014-03-20 12:32 - 00000470 _____ () C:\Users\Nick\Desktop\defogger_disable.log
2014-03-20 12:32 - 2014-03-20 12:32 - 00000000 _____ () C:\Users\Nick\defogger_reenable
2014-03-20 12:32 - 2012-01-17 18:27 - 00000000 ____D () C:\Users\Nick
2014-03-20 12:30 - 2014-03-20 12:30 - 00050477 _____ () C:\Users\Nick\Desktop\Defogger.exe
2014-03-20 12:26 - 2012-01-17 21:34 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 12:12 - 2012-03-31 06:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 12:12 - 2012-01-17 18:26 - 01223831 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 07:21 - 2009-07-14 05:45 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 07:21 - 2009-07-14 05:45 - 00025856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 07:15 - 2013-07-22 17:44 - 00000000 ___RD () C:\Users\Nick\Dropbox
2014-03-20 07:15 - 2013-07-22 17:35 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Dropbox
2014-03-20 07:15 - 2012-01-17 21:34 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 07:14 - 2014-02-16 00:33 - 00001904 _____ () C:\Windows\setupact.log
2014-03-20 07:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 07:12 - 2014-03-19 19:46 - 00002458 _____ () C:\Windows\PFRO.log
2014-03-19 21:24 - 2014-03-19 21:24 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-03-19 21:13 - 2013-07-13 22:47 - 00000000 ____D () C:\Users\Nick\Desktop\Sicherheit
2014-03-19 20:57 - 2014-03-19 20:57 - 00544897 _____ () C:\ProgramData\1395258514.bdinstall.bin
2014-03-19 20:57 - 2014-03-19 20:57 - 00002246 _____ () C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2014-03-19 20:57 - 2014-03-19 20:57 - 00002127 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
2014-03-19 20:57 - 2014-03-19 20:57 - 00000403 ____H () C:\bdr-cf01
2014-03-19 20:57 - 2014-03-19 20:57 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Bitdefender
2014-03-19 20:57 - 2014-03-19 20:50 - 00253404 ____H () C:\bdr-ld01
2014-03-19 20:57 - 2014-03-19 20:50 - 00009216 ____H () C:\bdr-ld01.mbr
2014-03-19 20:57 - 2014-03-19 20:49 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-03-19 20:56 - 2014-02-15 18:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 20:49 - 2013-07-14 15:02 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-03-19 20:34 - 2012-01-17 21:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 20:33 - 2012-01-17 21:33 - 00000000 ____D () C:\Users\Nick\AppData\Local\Google
2014-03-19 20:24 - 2013-08-18 09:16 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-19 20:18 - 2013-07-09 19:28 - 00000000 ___RD () C:\Users\Nick\Google Drive
2014-03-19 20:18 - 2013-07-03 17:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 20:18 - 2013-07-03 17:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 20:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-19 20:06 - 2009-07-14 05:45 - 00423640 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-19 20:03 - 2013-07-11 23:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 20:01 - 2012-01-17 19:17 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 20:00 - 2012-04-21 12:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 19:45 - 2014-03-19 20:49 - 00389240 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-03-19 19:45 - 2014-03-19 20:49 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-03-19 19:45 - 2014-03-19 19:45 - 00535160 _____ () C:\ProgramData\1395254131.bdinstall.bin
2014-03-19 19:44 - 2013-09-14 08:39 - 00000376 _____ () C:\Users\Nick\AppData\Roamingprivacy.xml
2014-03-19 19:35 - 2012-01-17 18:38 - 00111240 _____ () C:\Users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-19 19:27 - 2014-03-08 14:42 - 00000000 ____D () C:\Users\Nick\Downloads\Kapitän Phillips
2014-03-19 19:27 - 2014-02-19 16:36 - 00000000 ____D () C:\Users\Nick\Downloads\Supernatural Staffel 6
2014-03-19 19:27 - 2014-02-19 16:33 - 00000000 ____D () C:\Users\Nick\Downloads\Supernatural Staffel 5
2014-03-19 19:27 - 2014-02-19 16:31 - 00000000 ____D () C:\Users\Nick\Downloads\Supernatural Staffel 4
2014-03-19 19:27 - 2013-11-05 14:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 19:27 - 2013-09-21 19:44 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\File Scout
2014-03-19 19:27 - 2013-08-18 16:53 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\vlc
2014-03-19 19:27 - 2013-08-18 09:16 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Delta
2014-03-19 19:27 - 2013-08-18 09:16 - 00000000 ____D () C:\Program Files (x86)\Delta
2014-03-19 19:27 - 2013-07-10 22:02 - 00000000 ____D () C:\Users\Nick\AppData\Local\Downloaded Installations
2014-03-19 19:27 - 2013-07-03 17:46 - 00000000 ____D () C:\ProgramData\HP
2014-03-19 19:27 - 2012-01-18 14:41 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\IrfanView
2014-03-19 19:27 - 2012-01-17 19:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-19 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-19 19:14 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-19 18:17 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-17 11:27 - 2013-08-21 16:44 - 00000000 ____D () C:\Users\Nick\Documents\SelfMV
2014-03-12 14:26 - 2013-09-16 14:27 - 00000500 _____ () C:\Windows\system32\checkdnsid.xml
2014-03-12 13:37 - 2014-02-21 14:37 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-12 13:37 - 2012-03-31 06:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 13:37 - 2012-03-31 06:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 13:37 - 2012-01-17 21:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 12:07 - 2012-10-09 16:17 - 00000000 ____D () C:\Users\Nick\Documents\boristo gbr
2014-03-01 07:05 - 2014-03-19 19:44 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-19 19:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-19 19:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-19 19:44 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-19 19:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-19 19:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-19 19:44 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-19 19:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-19 19:44 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-19 19:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-19 19:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-19 19:44 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-19 19:44 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 13:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-19 19:44 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-19 19:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-19 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-19 19:44 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 13:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 13:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-19 19:44 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-19 19:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-19 19:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-19 19:44 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-19 19:44 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-19 19:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 13:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-19 19:44 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-19 19:44 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-19 19:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 13:04 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 13:04 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 13:04 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 13:04 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-19 19:44 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-19 19:44 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 13:04 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-19 19:44 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-19 19:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-19 19:44 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 16:49 - 2013-08-22 21:00 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\dvdcss
2014-02-24 19:45 - 2012-01-18 03:18 - 00710046 _____ () C:\Windows\system32\perfh007.dat
2014-02-24 19:45 - 2012-01-18 03:18 - 00154482 _____ () C:\Windows\system32\perfc007.dat
2014-02-24 19:45 - 2009-07-14 06:13 - 01650084 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-20 16:19 - 2014-02-20 16:19 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\SanDisk SecureAccess
2014-02-20 16:14 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\msvcr90.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-20 07:57
==================== End Of Log ============================
Additional Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Nick at 2014-03-20 12:35:09
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Internet Security 2013 (HKLM\...\Bitdefender) (Version: 16.30.0.1843 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Konsole Starter (HKLM-x32\...\Console Launcher) (Version: - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
Delta toolbar (HKLM-x32\...\delta) (Version: 1.8.24.5 - Delta) <==== ATTENTION
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Dexpot (HKCU\...\Dexpot) (Version: 1.5.13 - Dexpot GbR)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HyperSnap 7 (HKLM-x32\...\HyperSnap 7) (Version: 7.11.04 - Hyperionics Technology LLC)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaInfo 0.7.52 (HKLM\...\MediaInfo) (Version: 0.7.52 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (HKLM-x32\...\{90120000-0015-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Groove MUI (German) 2007 (HKLM-x32\...\{90120000-00BA-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office InfoPath MUI (German) 2007 (HKLM-x32\...\{90120000-0044-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Office 64-bit Components 2007 (HKLM\...\{90120000-002A-0000-1000-0000000FF1CE}) (Version: - )
Microsoft Office OneNote MUI (German) 2007 (HKLM-x32\...\{90120000-00A1-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Outlook MUI (German) 2007 (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office PowerPoint MUI (German) 2007 (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Proof (English) 2007 (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}) (Version: - )
Microsoft Office Proof (French) 2007 (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}) (Version: - )
Microsoft Office Proof (German) 2007 (HKLM-x32\...\{90120000-001F-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Proof (Italian) 2007 (HKLM-x32\...\{90120000-001F-0410-0000-0000000FF1CE}) (Version: - )
Microsoft Office Proofing (German) 2007 (HKLM-x32\...\{90120000-002C-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Publisher MUI (German) 2007 (HKLM-x32\...\{90120000-0019-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Office Shared 64-bit MUI (German) 2007 (HKLM\...\{90120000-002A-0407-1000-0000000FF1CE}) (Version: - )
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}) (Version: - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.0 beta 17a - Ghisler Software GmbH)
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 7 Codec Pack 3.7.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 3.7.0 - Windows 7 Codec Pack)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)
==================== Restore Points =========================
17-03-2014 10:06:47 Installed Samsung Kies3
17-03-2014 16:59:55 Windows Update
19-03-2014 18:24:25 Wiederherstellungsvorgang
19-03-2014 18:37:51 Windows Update
19-03-2014 18:56:10 Windows Update
19-03-2014 19:15:52 Wiederherstellungsvorgang
19-03-2014 19:31:51 Removed Google Drive
19-03-2014 19:32:29 Removed Google Drive
19-03-2014 19:33:47 Removed Google Earth.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {01581D4D-5A56-4C83-A362-640626215EE5} - System32\Tasks\{80E76E66-9F18-4EE6-8883-B74438FDBB26} => C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\Sims3Launcher.exe [2013-08-03] (Electronic Arts, Inc.)
Task: {021CC72C-1F87-461B-9995-B50B9FBFC8E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17] (Google Inc.)
Task: {0A65CEDA-ADD2-43DE-9938-A08C0976493C} - System32\Tasks\{F6F0F0C6-8395-4374-861F-F2C78C2EFFF2} => C:\Program Files (x86)\Cloud Downloader 2.0\CloudDownloader.exe [2011-11-21] (Raffael Herrmann)
Task: {0F45FB3B-A197-480A-A09D-19A72975B1F8} - System32\Tasks\{A039E04F-205D-4882-9923-0AB991C878A8} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe [2007-10-24] (Sony DADC Austria AG)
Task: {15311DEE-7A3A-4D78-A7B3-379E0447B0BF} - System32\Tasks\{9C5BFB89-0F12-4FAD-9FB8-AD6650708869} => C:\Program Files (x86)\Electronic Arts\Die Sims 3\Game\Bin\Sims3Launcher.exe [2013-08-03] (Electronic Arts, Inc.)
Task: {16CD9BA4-9E93-47AF-8E4F-1EEC167D898B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2020D76F-1597-4C2E-82DA-163B92233F74} - System32\Tasks\{66B6ECB1-E645-4FE6-8D55-6648F3EF1741} => C:\Program Files (x86)\Sudden Strike - Release 1.0\game_exe.exe
Task: {23762B8F-CAFE-4026-A650-B874B9424A58} - System32\Tasks\{D232A051-F1AE-45DA-805A-CD15E2CE5E0C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {287E9B96-6CDF-433C-AFC3-27A6C40554FE} - System32\Tasks\{C853A7DB-87B6-4FA2-9CBA-D41374CF169C} => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)
Task: {312C1B26-66C4-417B-8135-BE37AB34117C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {4B7E8958-36D8-469A-AE32-0491BF01597B} - System32\Tasks\Dexpot\2 => C:\Program Files (x86)\Dexpot\autodex.exe [2011-09-08] (Dexpot GbR) <==== ATTENTION
Task: {4FE31A2F-CE9F-4051-B3E1-D968C5569B78} - System32\Tasks\Core Temp Autostart => C:\Program Files\Core Temp\Core Temp.exe [2010-07-02] ()
Task: {5577F332-F28C-45F1-BEA5-57B5EEE59767} - System32\Tasks\{86AAC09D-AB03-4803-BCC5-D1D8EEE5F947} => C:\Users\Nick\Desktop\Defogger.exe [2014-03-20] ()
Task: {5BE9FFE0-4A07-493C-95D7-FB160D3309EB} - System32\Tasks\EPUpdater => C:\Users\Nick\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-08-04] () <==== ATTENTION
Task: {60A11B8B-22C8-47F5-8E73-200B5BD7AA01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {898E70A5-174B-4386-A096-2D7DE2073343} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {93FD6D33-C8B8-4966-97D2-9F1DD432A4BC} - System32\Tasks\{96487E09-EA21-4E87-B1B3-C9FC8B00E246} => C:\Program Files (x86)\Sudden Strike - Release 1.0\game_exe.exe
Task: {9B94C816-4CF1-4754-9A8D-1A682A8213F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-17] (Google Inc.)
Task: {B028F8B0-D0E5-4880-B67A-9E6B2D9934BE} - System32\Tasks\{8EC04778-FFC8-40F0-92C7-1DCD62139178} => C:\Users\Nick\Desktop\Defogger.exe [2014-03-20] ()
Task: {B1AA9E19-40DB-4611-B18F-0FF66FE8AC2F} - System32\Tasks\Dexpot\Dexpot Nick => C:\Program Files (x86)\Dexpot\dexpot.exe [2011-09-09] (Dexpot GbR)
Task: {D59166C6-B731-4981-992A-D1BDACC645EA} - System32\Tasks\{D8E4768E-EA30-4822-AA73-CAA9D16433CD} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe [2007-10-24] (Sony DADC Austria AG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-15 15:24 - 2013-10-24 16:13 - 00265080 ____N () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2014-03-19 21:23 - 2014-03-19 21:23 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\accessl.ui
2014-03-19 20:57 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdfwcore.dll
2014-03-19 20:57 - 2014-03-19 21:22 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\UI\IMSecurityAL.ui
2014-03-19 21:16 - 2014-03-19 21:16 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00037_002\ashttpbr.mdl
2014-03-19 21:16 - 2014-03-19 21:16 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00037_002\ashttpdsp.mdl
2014-03-19 21:16 - 2014-03-19 21:16 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00037_002\ashttpph.mdl
2014-03-19 21:16 - 2014-03-19 21:16 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00037_002\ashttprbl.mdl
2012-01-17 21:15 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-19 15:28 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-19 21:16 - 2014-03-19 21:16 - 03004880 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\otengines_00037_002\ashttpf.mdl
2013-07-19 19:44 - 2013-07-19 19:44 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-01-17 19:04 - 2010-08-26 17:48 - 00285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2012-01-20 15:50 - 2010-07-02 13:52 - 00530448 _____ () C:\Program Files\Core Temp\Core Temp.exe
2014-03-20 12:30 - 2014-03-20 12:30 - 00050477 _____ () C:\Users\Nick\Desktop\Defogger.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-17 19:04 - 2010-07-09 16:38 - 00331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2013-07-13 22:38 - 2012-12-10 02:46 - 00600868 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2013-08-18 09:16 - 2013-08-22 11:02 - 00187888 _____ () C:\Users\Nick\AppData\Roaming\BabSolution\Shared\enhancedNT.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Nick\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-15 18:24 - 2014-02-15 18:24 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-12 13:37 - 2014-03-12 13:37 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Nick\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\Nick\Desktop\FRST64.exe:BDU
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/20/2014 07:14:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/19/2014 09:26:59 PM) (Source: Google Update) (User: NT-AUTORITÄT)
Description: Google Update has encountered a fatal error.
ver=1.3.22.5;lang=de;id=;is_machine=1;oop=0;upload=0;minidump=C:\Program Files (x86)\Google\CrashReports\8c1e842c-c2d1-4782-976a-a07a88127114.dmp
Error: (03/19/2014 09:26:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16521, Zeitstempel: 0x53114399
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0xaf0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (03/19/2014 09:22:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: crashreporter.exe, Version: 27.0.1.5156, Zeitstempel: 0x52fbf471
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0xea4
Startzeit der fehlerhaften Anwendung: 0xcrashreporter.exe0
Pfad der fehlerhaften Anwendung: crashreporter.exe1
Pfad des fehlerhaften Moduls: crashreporter.exe2
Berichtskennung: crashreporter.exe3
Error: (03/19/2014 09:14:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KiesTrayAgent.exe, Version: 2.0.0.143, Zeitstempel: 0x5170cf47
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0150010
Fehleroffset: 0x0008482b
ID des fehlerhaften Prozesses: 0x10f4
Startzeit der fehlerhaften Anwendung: 0xKiesTrayAgent.exe0
Pfad der fehlerhaften Anwendung: KiesTrayAgent.exe1
Pfad des fehlerhaften Moduls: KiesTrayAgent.exe2
Berichtskennung: KiesTrayAgent.exe3
Error: (03/19/2014 09:13:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: KiesTrayAgent.exe, Version: 2.0.0.143, Zeitstempel: 0x5170cf47
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00038e19
ID des fehlerhaften Prozesses: 0x10f4
Startzeit der fehlerhaften Anwendung: 0xKiesTrayAgent.exe0
Pfad der fehlerhaften Anwendung: KiesTrayAgent.exe1
Pfad des fehlerhaften Moduls: KiesTrayAgent.exe2
Berichtskennung: KiesTrayAgent.exe3
Error: (03/19/2014 09:06:49 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16521, Zeitstempel: 0x53114399
Name des fehlerhaften Moduls: BdProvider.dll, Version: 16.32.0.1887, Zeitstempel: 0x52026dda
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000f1e9
ID des fehlerhaften Prozesses: 0x3e0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (03/19/2014 09:05:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.11.3.0, Zeitstempel: 0x50f9475d
Name des fehlerhaften Moduls: BdProvider.dll, Version: 16.32.0.1887, Zeitstempel: 0x52026dda
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000de7a
ID des fehlerhaften Prozesses: 0x17dc
Startzeit der fehlerhaften Anwendung: 0xdaemonu.exe0
Pfad der fehlerhaften Anwendung: daemonu.exe1
Pfad des fehlerhaften Moduls: daemonu.exe2
Berichtskennung: daemonu.exe3
Error: (03/19/2014 09:03:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Dropbox.exe, Version: 2.4.11.0, Zeitstempel: 0x527d91e4
Name des fehlerhaften Moduls: BdProvider.dll, Version: 16.32.0.1887, Zeitstempel: 0x52026dda
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000de7a
ID des fehlerhaften Prozesses: 0x11c8
Startzeit der fehlerhaften Anwendung: 0xDropbox.exe0
Pfad der fehlerhaften Anwendung: Dropbox.exe1
Pfad des fehlerhaften Moduls: Dropbox.exe2
Berichtskennung: Dropbox.exe3
Error: (03/19/2014 09:03:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: iTunesHelper.exe, Version: 11.1.4.62, Zeitstempel: 0x52f3b0df
Name des fehlerhaften Moduls: BdProvider.dll, Version: 16.32.0.1887, Zeitstempel: 0x52026dda
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000de7a
ID des fehlerhaften Prozesses: 0x1204
Startzeit der fehlerhaften Anwendung: 0xiTunesHelper.exe0
Pfad der fehlerhaften Anwendung: iTunesHelper.exe1
Pfad des fehlerhaften Moduls: iTunesHelper.exe2
Berichtskennung: iTunesHelper.exe3
System errors:
=============
Error: (03/19/2014 09:27:02 PM) (Source: DCOM) (User: Nicks-W7)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nicks-W7NickS-1-5-21-699013304-1416678476-2723027378-1000LocalHost (unter Verwendung von LRPC)
Error: (03/19/2014 09:27:00 PM) (Source: DCOM) (User: Nicks-W7)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nicks-W7NickS-1-5-21-699013304-1416678476-2723027378-1000LocalHost (unter Verwendung von LRPC)
Error: (03/19/2014 09:27:00 PM) (Source: DCOM) (User: Nicks-W7)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nicks-W7NickS-1-5-21-699013304-1416678476-2723027378-1000LocalHost (unter Verwendung von LRPC)
Error: (03/19/2014 09:26:59 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/19/2014 09:26:24 PM) (Source: DCOM) (User: Nicks-W7)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nicks-W7NickS-1-5-21-699013304-1416678476-2723027378-1000LocalHost (unter Verwendung von LRPC)
Error: (03/19/2014 09:26:18 PM) (Source: DCOM) (User: Nicks-W7)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Nicks-W7NickS-1-5-21-699013304-1416678476-2723027378-1000LocalHost (unter Verwendung von LRPC)
Error: (03/19/2014 09:05:19 PM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/19/2014 08:26:25 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/19/2014 08:23:35 PM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/19/2014 08:09:23 PM) (Source: Service Control Manager) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-09-14 10:21:36.748
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00204_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-14 10:06:43.227
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\avc3_000_001\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-11 21:16:26.075
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-07-11 21:16:26.028
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-01-20 10:51:21.989
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-19 17:32:01.205
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-01-19 17:17:09.408
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\pcrelib.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 47%
Total physical RAM: 4094.46 MB
Available physical RAM: 2146.39 MB
Total Pagefile: 8187.09 MB
Available Pagefile: 6062.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (Part1) (Fixed) (Total:931.42 GB) (Free:437.95 GB) NTFS
Drive d: (Sims3EP10) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF
Drive e: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:4.94 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:100.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A118B98B)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 0A6D3A40)
Partition: GPT Partition Type.
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 9DC80F96)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-20 13:10:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 931,52GB
Running: Gmer-19357.exe; Driver: C:\Users\Nick\AppData\Local\Temp\fwlyqpoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\SysWOW64\PnkBstrA.exe[1136] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 00000000728c1a22 2 bytes [8C, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1136] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 00000000728c1ad0 2 bytes [8C, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1136] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 00000000728c1b08 2 bytes [8C, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1136] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 00000000728c1bba 2 bytes [8C, 72]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1136] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 00000000728c1bda 2 bytes [8C, 72]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
.text ... * 2
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
.text C:\Windows\SysWOW64\rundll32.exe[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[1016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
.text ... * 2
.text C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe[2936] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
.text C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe[2936] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077691465 2 bytes [69, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776914bb 2 bytes [69, 77]
.text ... * 2
---- Processes - GMER 2.1 ----
Library C:\Users\Nick\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2936](2014-01-03 00:45:04) 00000000040b0000
Library C:\Users\Nick\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2936](2013-10-18 23:55:02) 000000006c4d0000
Library C:\Users\Nick\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2936] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000073310000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0fc2b0
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0fc2b0@0024ef3ef837 0xFA 0x3A 0x23 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0fc2b0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0fc2b0@0024ef3ef837 0xFA 0x3A 0x23 0x0F ...
---- EOF - GMER 2.1 ----
Bitdefender: Code:
Object Path Reason Final Status
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m10.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>Log-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m11.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m30.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m12.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m31.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m13.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m50.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m32.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m14.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m51.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m33.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m15.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m52.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m34.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m16.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m53.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m35.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m17.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>Windows/setupact.log Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m54.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m36.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m18.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>Windows/Panther/setupact.log Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m55.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m37.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m19.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m56.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m38.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\99SE\My_job\My_job.rar Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip=>Windows.OpenWith-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m57.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m39.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m58.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m59.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip=>MS DirectDraw-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip=>Cookie-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{2ebf82cc-a9dd-11e3-b2b0-001d7d02fcf5}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\integratedlibraries.exe=>(ZIP Sfx s)=>SETUP_INTEGRATED_LIBRARIES.exe Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip=>Windows Explorer-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip=>Windows Media SDK-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip=>MS Media Player-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip=>MS Management Console-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>SETUP.ini Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>SETUP.exe Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip=>MS Direct3D-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m20.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m21.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip=>WinRAR-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m40.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m22.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m41.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m23.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip=>Cache-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{f9d1da6a-adaa-11e3-ab79-001d7d02fcf5}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m42.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m24.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>SETUP.MSI Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m43.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m25.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m44.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m26.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m45.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m27.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m46.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m28.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m47.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m29.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m48.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>instmsiw.exe Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m49.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>Quarantine.lst Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m1.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip=>Internet Explorer-0000.sfv Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>Windows/DtcInstall.log Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m2.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m3.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip=>Quarantine.ini Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip=>Quarantine.reg Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m4.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m5.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m6.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m7.cab Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m8.cab Password-protected Not scanned (file was password-protected)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip=>Log-0000.md5 Password-protected Not scanned (file was password-protected)
File: C:\Partition 2\Archiv\Software\älter\CAM\Protel\2003xp\proteldxp_trial_version_withsp2.exe=>(ZIP Sfx s)=>m9.cab Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{f9d1da47-adaa-11e3-ab79-001d7d02fcf5}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip=>120119-171919.xml Password-protected Not scanned (file was password-protected)

Thank you very much