| |
| |||||||
Log-Analyse und Auswertung: Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöschtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.09.2012, 10:41
| #1 |
 |  Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht Hallo! Beim der Installation der Software VCD Video Converter wurde auch die Leiste Mystart im Hintergrund installiert und diese bekomme ich nun nicht mehr aus dem Firefox. Beim Öffnen eines neuen tabs wird immer die Mystart-Homepage geöffnet. Zudem hat sich nach der Installation die Schriftwart in meinem Browser in der Eingabezeile und in der Lesezeichen-Leiste geändert. Da ich die Software Malwarebytes bereits kannte habe ich sie laufen lassen und den Fund gelöscht, jedoch bevor ich auf dieses Forum gestoßen bin. Das Mystart-Problem existiert weiterhin. - Defogger habe ich entsprechend der Anleitung ausgeführt - OTL habe ich entsprechend der Anleitung ausgeführt. Die Inhalte sie unten. - Mein System ist ein 32bit-System - Gmer habe ich ausgeführt, Ergebnis siehe unten Und wie gehts nun weiter? Grüße, scrooge75 OTL.txt: OTL logfile created on: 9/19/2012 10:42:47 AM - Run 2 OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Markus.Ortlieb\Downloads Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.16 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 34.17% Memory free 6.33 Gb Paging File | 4.12 Gb Available in Paging File | 65.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.24 Gb Total Space | 38.03 Gb Free Space | 31.89% Space Free | Partition Type: NTFS Computer Name: BIBLPORTLIEB | User Name: Markus.Ortlieb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/09/19 10:33:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Markus.Ortlieb\Downloads\OTL.exe PRC - [2012/09/09 12:07:16 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012/08/31 09:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/08/31 09:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012/08/28 17:09:56 | 000,188,760 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe PRC - [2012/05/14 03:34:06 | 001,113,984 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe PRC - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe PRC - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\BM\TMBMSRV.exe PRC - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\Messenger\YahooMessenger.exe PRC - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe PRC - [2012/02/17 10:37:46 | 015,963,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2012/01/11 11:51:36 | 000,207,932 | ---- | M] (Infonautics GmbH Switzerland) -- C:\Screencapture\ScreenCapturePrint.exe PRC - [2011/10/31 11:45:34 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Programme\Trend Micro\OfficeScan Client\CNTAoSMgr.exe PRC - [2011/10/04 00:31:50 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2011/10/04 00:31:48 | 000,505,720 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2011/10/04 00:31:48 | 000,057,680 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2011/10/04 00:31:48 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2011/10/04 00:31:42 | 000,072,296 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe PRC - [2011/10/04 00:31:40 | 000,536,668 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2011/10/04 00:31:40 | 000,274,514 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2011/10/04 00:31:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe PRC - [2011/07/28 15:43:26 | 001,459,056 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell System Manager\DCPSysMgr.exe PRC - [2011/07/28 15:39:42 | 000,390,000 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/02/15 15:50:52 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010/11/20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/10/25 09:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe PRC - [2010/10/25 09:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe PRC - [2010/10/15 19:14:08 | 002,843,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2010/10/15 19:14:08 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2010/10/15 19:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/08/16 17:42:08 | 000,153,560 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe PRC - [2010/08/16 17:42:04 | 000,202,712 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe PRC - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010/06/17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) -- C:\Programme\FolderSize\FolderSizeSvc.exe PRC - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2008/09/01 18:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateService.exe PRC - [2008/09/01 18:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateApp.exe ========== Modules (No Company Name) ========== MOD - [2012/09/18 09:02:47 | 000,115,137 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll MOD - [2012/09/18 09:02:23 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\002b4b1af5f8145bf6b6afe21d4f1db2\Kies.Theme.ni.dll MOD - [2012/09/18 09:02:23 | 000,608,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\de1a504d1535e5005fbae8f6a4d97ce5\DevicePodcast.ni.dll MOD - [2012/09/18 09:02:23 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\ee12ab3bf308cbe22f373afbddf0be6b\DeviceVideo.ni.dll MOD - [2012/09/18 09:02:22 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\23fd65cd04b03d19931758d7472e38a4\PodcastService.ni.dll MOD - [2012/09/18 09:02:22 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5e58a020638d28d3740195f1d0738da\DevicePhoto.ni.dll MOD - [2012/09/18 09:02:22 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\0377dd6ed6a5e92a0b8d6eb7d0b64f79\DeviceMusic.ni.dll MOD - [2012/09/18 09:02:21 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\1d941bea2e28bc074d74327844bb0777\VideoManager.ni.dll MOD - [2012/09/18 09:02:20 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\65018f5e3da23293d642168f7b132d40\Podcaster.ni.dll MOD - [2012/09/18 09:02:19 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\6f522f515d38e08db4ebab8d1f25d68b\PhotoManager.ni.dll MOD - [2012/09/18 09:02:16 | 005,676,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\df1a05b63f8fefaf91d097225e726b12\DeviceHost.ni.dll MOD - [2012/09/18 09:02:11 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\c826afe2d03c8006229ab80a2d7126c7\Phonebook.ni.dll MOD - [2012/09/18 09:02:09 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8465ae2b954384776b5cd98d69c0108d\Kies.Common.DeviceServiceLib.FirmwareUpdate.Firmw areUpdateAgentHelper.ni.dll MOD - [2012/09/18 09:02:07 | 001,008,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\94d167be7a5ae09d21349ce6fd3d8a9e\CPKTMusicPlugin.ni.dll MOD - [2012/09/18 09:02:06 | 000,963,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\3908b9456a6e3665f83d56161f21198c\MusicManager.ni.dll MOD - [2012/09/18 09:02:04 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\e5c8f9e08db50fb625c029361147f47e\EBookManager.ni.dll MOD - [2012/09/18 09:02:03 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\ed8a6670f7dbe1ae78aa091a0935fb87\BATPlugin.ni.dll MOD - [2012/09/18 09:02:02 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\25823a7264f74e67158031f485c0bb23\Kies.Common.MediaDB.ni.dll MOD - [2012/09/18 09:02:02 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\c209d4b3c25507564757710f6d4a4570\AllShareController.ni.dll MOD - [2012/09/18 09:02:01 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\81bb58061bcd2a4c3bf4136abe041d20\ASF_cSharpAPI.ni.dll MOD - [2012/09/18 09:02:01 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\b9360cef783c6eb105c636c3721b7cc9\Kies.Common.AllShare.ni.dll MOD - [2012/09/18 09:02:01 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\d9eca4746981ac218c1dbe0c131ce108\Kies.Common.StoreManager.ni.dll MOD - [2012/09/18 09:02:00 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4b033da616a5e8e2b9ebe95342e9cf0d\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2012/09/18 09:02:00 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\378ccdcd4181f6bf23d992e26be1c347\Kies.Common.DeviceServiceLib.FirmwareUpdate.Commo n.ni.dll MOD - [2012/09/18 09:02:00 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57b7389241c36caa1d2132d68eddedda\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downl oader.ni.dll MOD - [2012/09/18 09:01:59 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\61df63e5646fd99c9912c90ba2984b8b\Kies.Common.DeviceServiceLib.DeviceDataService.ni .dll MOD - [2012/09/18 09:01:59 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\170b754ba9dcd78ee0b06a32af4a7c1f\Interop.DevFileServiceLib.ni.dll MOD - [2012/09/18 09:01:57 | 001,024,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c1c88c2dea6ff25505706a1a23e26c30\Kies.Common.DeviceService.ni.dll MOD - [2012/09/18 09:01:57 | 000,901,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d98653829401f61cb22f0a1e8e65e6b0\Kies.Common.DeviceServiceLib.DeviceManagement.ni. dll MOD - [2012/09/18 09:01:56 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\eac2b2d51b2b9c65a35b08fdcfb51eed\Kies.Common.Multimedia.ni.dll MOD - [2012/09/18 09:01:56 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e1837e9c63789850168d0bb76826128d\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2012/09/18 09:01:55 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2012/09/18 09:01:55 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2012/09/18 09:01:54 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2012/09/18 09:01:54 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\25dc31b1903a3689788caf51d3d93f97\Interop.PRPLAYERCORELib.ni.dll MOD - [2012/09/18 09:01:52 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\5be40478cd0ba1097b88eb05698a77a2\Kies.Common.MainUI.ni.dll MOD - [2012/09/18 09:01:52 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1600f24d91e6f9634b0ca377b89ef6b0\Kies.Common.DBManager.ni.dll MOD - [2012/09/18 09:01:51 | 001,674,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\25712af86daacf25fc9288e66b7f0f15\Kies.ni.exe MOD - [2012/09/18 09:01:51 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll MOD - [2012/09/18 09:01:51 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll MOD - [2012/09/18 09:01:51 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\5b795067a59c204d32cfc0d0db675d9c\Kies.Common.Util.ni.dll MOD - [2012/09/18 09:01:50 | 001,728,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\40df0fefb0da1d6e9bfaf1c72c001dfd\Kies.UI.ni.dll MOD - [2012/09/18 09:01:50 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll MOD - [2012/09/18 09:01:49 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c4f56538bb1d5921690a486bf052e30b\Kies.Locale.ni.dll MOD - [2012/09/18 09:01:49 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\afa8de1e7aabde98f9a5fec1abdb9a05\Kies.MVVM.ni.dll MOD - [2012/09/18 09:01:48 | 001,185,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\a24e92c33778abe42b3cd6135a8238ca\Kies.Interface.ni.dll MOD - [2012/09/18 09:01:47 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\99372e3c4882e5727a8055b6548ef4fc\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2012/09/09 12:07:15 | 002,244,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012/08/31 09:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012/07/03 12:14:56 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll MOD - [2012/07/03 12:14:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012/07/03 10:39:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/07/03 10:39:28 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012/07/03 10:39:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012/07/03 10:39:12 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/07/03 10:39:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/07/03 10:39:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/07/03 10:39:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/07/03 10:39:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012/06/27 12:35:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012/06/27 12:34:38 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9d32c82a43fa7b948f6ad62a55ceaa73\System.ServiceProcess.ni.dll MOD - [2012/06/27 12:34:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll MOD - [2012/06/27 12:34:01 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012/06/27 12:05:56 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9b24ceabcec0e6585573eba2837ae0a5\PresentationFramework.ni.dll MOD - [2012/06/27 12:05:46 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ada55b589d5afc9fbcece80a97ad64b\PresentationCore.ni.dll MOD - [2012/06/27 12:05:39 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\f750eaacd177ac6247919035d58643a5\WindowsBase.ni.dll MOD - [2012/06/27 12:05:37 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012/06/27 12:02:38 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d231b57b4658ef8ac5e04f0a38aea210\System.Windows.Forms.ni.dll MOD - [2012/06/27 12:02:31 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012/06/27 12:02:27 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012/06/27 12:02:24 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e5815f5d63d01768714c92c2decbf04c\System.Drawing.ni.dll MOD - [2012/06/27 12:02:23 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012/06/27 12:02:22 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012/06/27 12:02:18 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\yui.dll MOD - [2012/02/22 20:49:38 | 000,078,336 | ---- | M] () -- C:\Programme\Yahoo!\Messenger\pcre.dll MOD - [2011/10/04 00:31:58 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2011/02/15 15:50:52 | 000,686,704 | ---- | M] () -- C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/10/15 19:14:18 | 000,132,384 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2010/08/03 08:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV - [2012/09/19 10:24:35 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/09 12:07:16 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/08/28 17:09:56 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/05/14 16:26:14 | 001,983,304 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan) SRV - [2012/05/12 00:03:34 | 001,836,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2012/05/04 18:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2012/03/15 15:31:58 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2012/02/20 04:00:00 | 000,981,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec) SRV - [2012/02/20 04:00:00 | 000,442,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService) SRV - [2012/02/20 04:00:00 | 000,251,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr) SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc) SRV - [2011/12/06 17:20:20 | 000,048,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc) SRV - [2011/10/04 00:31:42 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH) SRV - [2011/10/04 00:31:40 | 000,274,514 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2011/10/04 00:31:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters) SRV - [2011/07/28 15:39:42 | 000,390,000 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010/11/20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/10/25 09:33:04 | 000,826,272 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2010/10/25 09:33:04 | 000,032,160 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2010/10/15 19:14:08 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/09/27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/08/16 17:42:08 | 000,153,560 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr32.exe -- (dcevt32) SRV - [2010/08/16 17:42:04 | 000,202,712 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\SysMgt\dataeng\bin\dsm_sa_datamgr32.exe -- (dcstor32) SRV - [2010/07/27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2010/04/06 00:41:46 | 000,116,224 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2010/01/09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010/01/09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/09/26 14:51:38 | 001,712,128 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Programme\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine) SRV - [2008/09/01 18:38:08 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService) SRV - [2008/09/01 18:38:06 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Programme\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - [2012/09/19 10:26:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/07/31 12:42:48 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012/07/31 12:42:48 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012/04/20 01:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon) DRV - [2012/04/20 01:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2012/04/13 10:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm) DRV - [2012/02/20 04:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2011/10/04 00:31:56 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2011/10/04 00:31:56 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2011/10/04 00:31:56 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv) DRV - [2011/10/04 00:31:48 | 000,305,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2011/10/04 00:31:46 | 000,191,488 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelserial.sys -- (nwdelserial) DRV - [2011/10/04 00:31:46 | 000,027,264 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwdelgobi3kfilter.sys -- (nwdelgobi3kfilter) DRV - [2011/10/04 00:31:46 | 000,026,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanussf.sys -- (ecnssndisfltr) DRV - [2011/10/04 00:31:46 | 000,023,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wwanuss.sys -- (ecnssndis) DRV - [2011/10/04 00:31:44 | 000,396,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV - [2011/10/04 00:31:44 | 000,361,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV - [2011/10/04 00:31:44 | 000,087,592 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\d554gps.sys -- (d554gps) DRV - [2011/10/04 00:31:42 | 000,435,200 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2011/10/04 00:31:42 | 000,063,976 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdjw7.sys -- (O2SDJRDR) DRV - [2011/10/04 00:31:42 | 000,062,440 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\O2MDRw7.sys -- (O2MDRRDR) DRV - [2011/10/04 00:31:42 | 000,060,904 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdfw7.sys -- (O2MDFRDR) DRV - [2011/10/04 00:31:42 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) DRV - [2011/10/04 00:31:38 | 000,044,144 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\accelern.sys -- (Acceler) DRV - [2011/08/03 18:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) DRV - [2011/07/20 09:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) DRV - [2011/07/15 22:30:50 | 000,017,904 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn) DRV - [2011/07/12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter) DRV - [2011/07/12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter) DRV - [2011/07/12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\Trend Micro\OfficeScan Client\vsapiNT.sys -- (VSApiNt) DRV - [2010/12/07 15:58:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 04:30:14 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV - [2010/11/20 02:24:42 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub) DRV - [2010/11/20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 02:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/11/20 02:21:16 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt) DRV - [2010/11/20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 01:14:50 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/09/27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/10/19 09:10:20 | 000,026,624 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dcdbas32.sys -- (dcdbas) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {84630365-439B-4036-955B-F475B3233C24} IE - HKLM\..\SearchScopes\{28D49464-CDAD-4F58-8CB4-1B4B39581593}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{84630365-439B-4036-955B-F475B3233C24}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.kavo.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb174?a=6OyOvWn87o&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=2e46b9db-92cf-403a-9520-b600c2092bf8&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={4053278E-DCAC-4CF6-AE73-9B4584D04116}&mid=d8bbd5e137cc47d0be45a5976d7c4cda-2c2400c527f2de228e4f04fd778b12e2d453762e&lang=de&ds=AVG&pr=fr&d=2012-09-19 09:23:42&v=12.2.5.34&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyOvWn87o&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105 FF - prefs.js..extensions.enabledAddons: {d37dc5d0-431d-44e5-8c91-49419370caa1}:3.1.25 FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0 FF - prefs.js..extensions.enabledAddons: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.100 FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B64dc8fb0-2725-4f3a-8eb6-d9d6f2ca9e63%7D&mid=d8bbd5e137cc47d0be45a5976d7c4cda-2c2400c527f2de228e4f04fd778b12e2d453762e&ds=AVG&v=12.2.5.34&lang=de&pr=fr&d=2012-09-18%2019%3A46%3A39&sap=ku&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Markus.Ortlieb\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Markus.Ortlieb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/04/05 08:48:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/04/05 08:49:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/09/18 19:30:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 12:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/12 12:29:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 12:07:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/12 12:29:56 | 000,000,000 | ---D | M] [2012/04/04 09:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Extensions [2012/09/18 19:30:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions [2012/05/27 17:49:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/09/12 09:24:14 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2012/09/18 19:30:45 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ffxtlbr@incredibar.com [2012/05/04 14:54:25 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\Firefox\Profiles\f4n0anu9.default\extensions\ietab@ip.cn [2012/09/18 19:30:34 | 000,002,203 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\searchplugins\MyStart Search.xml [2012/09/18 19:23:52 | 000,002,615 | ---- | M] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\mozilla\firefox\profiles\f4n0anu9.default\searchplugins\Web Search.xml [2012/09/09 12:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/09/18 19:30:39 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012/09/09 12:07:16 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/09/19 09:23:28 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/09/03 08:27:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/03/13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [FreeFallProtection] C:\Programme\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: dhrmedical.org ([]* in Lokales Intranet) O15 - HKLM\..Trusted Domains: dhrmedical.org ([*.gendex] * in Lokales Intranet) O15 - HKLM\..Trusted Domains: dhrmedical.org ([*.kavo] * in Lokales Intranet) O15 - HKLM\..Trusted Domains: kavo.de ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dhrmedical.org ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: dhrmedical.org ([*.gendex] * in Lokales Intranet) O15 - HKCU\..Trusted Domains: dhrmedical.org ([*.kavo] * in Lokales Intranet) O15 - HKCU\..Trusted Domains: kavo.de ([]* in Lokales Intranet) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://danaher.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kavo.dhrmedical.org O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBBB6523-7361-4654-B460-0E93574F494C}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Sapgui\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Sapgui\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b8300e74-bc9d-11df-ba19-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b8300e74-bc9d-11df-ba19-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SMS\bin\i386\TSMBAutorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/09/19 10:25:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/09/19 09:51:25 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Malwarebytes [2012/09/19 09:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/09/19 09:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/09/19 09:51:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/09/19 09:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/09/19 09:29:21 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Avg2013 [2012/09/18 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/09/18 19:45:23 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/09/18 19:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/09/18 19:44:37 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\MFAData [2012/09/18 19:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/09/18 19:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012/09/18 19:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com [2012/09/18 19:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012/09/18 19:24:44 | 000,000,000 | ---D | C] -- C:\Freemake [2012/09/18 19:23:48 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\TuneUp Software [2012/09/18 19:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012/09/18 19:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012/09/18 19:23:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/09/18 19:23:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/09/18 19:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2012/09/18 19:22:40 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy [2012/09/18 19:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake [2012/09/18 09:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2012/09/18 09:22:58 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec [2012/09/18 09:11:51 | 000,000,000 | ---D | C] -- C:\SelfMV [2012/09/18 09:01:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012/09/18 09:01:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012/09/13 17:27:56 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\Steuer-Sparbuch [2012/09/13 16:40:17 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Buhl Data Service [2012/09/13 16:40:16 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Buhl Data Service [2012/09/13 14:39:06 | 000,000,000 | ---D | C] -- C:\Users\Markus.Ortlieb\AppData\Local\Buhl [2012/09/13 14:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2012 [2012/09/13 14:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\WISO [2012/09/13 14:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\ms [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2012 [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache [2012/09/10 18:15:15 | 000,000,000 | ---D | C] -- C:\Windows\CCM [2012/09/10 18:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform [2012/09/10 18:12:39 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup [2012/09/09 12:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/09/07 18:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2012/09/07 18:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon [2012/08/28 10:04:34 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012/08/28 10:04:32 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll ========== Files - Modified Within 30 Days ========== [2012/09/19 10:43:00 | 000,000,738 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelperRun.job [2012/09/19 10:43:00 | 000,000,738 | ---- | M] () -- C:\Windows\tasks\OpenCandyHelper.job [2012/09/19 10:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Markus.Ortlieb\defogger_reenable [2012/09/19 10:35:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/09/19 10:35:09 | 000,012,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/09/19 10:27:16 | 000,774,508 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2012/09/19 10:27:16 | 000,774,364 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2012/09/19 10:27:16 | 000,772,052 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2012/09/19 10:27:16 | 000,769,126 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2012/09/19 10:27:16 | 000,768,708 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012/09/19 10:27:16 | 000,736,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/09/19 10:27:16 | 000,697,192 | ---- | M] () -- C:\Windows\System32\perfh005.dat [2012/09/19 10:27:16 | 000,692,474 | ---- | M] () -- C:\Windows\System32\perfh01D.dat [2012/09/19 10:27:16 | 000,690,856 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/09/19 10:27:16 | 000,170,988 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2012/09/19 10:27:16 | 000,168,158 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012/09/19 10:27:16 | 000,165,464 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2012/09/19 10:27:16 | 000,162,012 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2012/09/19 10:27:16 | 000,161,954 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/09/19 10:27:16 | 000,159,364 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2012/09/19 10:27:16 | 000,155,104 | ---- | M] () -- C:\Windows\System32\perfc01D.dat [2012/09/19 10:27:16 | 000,153,712 | ---- | M] () -- C:\Windows\System32\perfc005.dat [2012/09/19 10:27:16 | 000,134,422 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/09/19 10:26:20 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012/09/19 10:25:19 | 000,000,464 | ---- | M] () -- C:\Windows\SMSCFG.INI [2012/09/19 10:24:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/09/19 10:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/09/19 10:22:52 | 2548,744,192 | -HS- | M] () -- C:\hiberfil.sys [2012/09/19 10:05:03 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219UA.job [2012/09/19 09:51:16 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/19 09:25:56 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3842183496-1387694075-2723946746-6219Core.job [2012/09/18 19:30:47 | 000,000,454 | ---- | M] () -- C:\user.js [2012/09/18 09:02:39 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2012/09/17 13:45:02 | 000,040,674 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/09/17 13:44:25 | 000,009,507 | ---- | M] () -- C:\Windows\cfgall.ini [2012/09/17 13:44:15 | 000,007,550 | RHS- | M] () -- C:\Users\Markus.Ortlieb\ntuser.pol [2012/09/13 19:06:10 | 000,028,316 | ---- | M] () -- C:\Users\Markus.Ortlieb\Desktop\Gmail - Media Markt Download Shop Bestellung Nr. # 126933.pdf [2012/09/13 16:56:23 | 000,000,694 | ---- | M] () -- C:\Windows\wiso.ini [2012/09/13 14:38:58 | 000,002,086 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012/09/13 14:38:58 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk [2012/09/13 14:31:45 | 000,097,856 | ---- | M] () -- C:\Users\Markus.Ortlieb\Desktop\Softwareload Ihr Software Download Shop empfohlen von T-Online.pdf [2012/09/10 18:15:45 | 000,033,804 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini [2012/09/10 18:15:45 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/08/28 10:05:04 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll [2012/08/28 10:04:34 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012/08/28 10:04:32 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll [2012/08/28 10:04:32 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll ========== Files Created - No Company Name ========== [2012/09/19 10:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Markus.Ortlieb\defogger_reenable [2012/09/19 09:51:16 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/09/18 19:30:46 | 000,000,454 | ---- | C] () -- C:\user.js [2012/09/18 19:23:57 | 000,000,738 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelperRun.job [2012/09/18 19:23:56 | 000,000,738 | ---- | C] () -- C:\Windows\tasks\OpenCandyHelper.job [2012/09/13 19:06:10 | 000,028,316 | ---- | C] () -- C:\Users\Markus.Ortlieb\Desktop\Gmail - Media Markt Download Shop Bestellung Nr. # 126933.pdf [2012/09/13 14:39:07 | 000,000,694 | ---- | C] () -- C:\Windows\wiso.ini [2012/09/13 14:38:58 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012/09/13 14:38:58 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2012.lnk [2012/09/13 14:31:45 | 000,097,856 | ---- | C] () -- C:\Users\Markus.Ortlieb\Desktop\Softwareload Ihr Software Download Shop empfohlen von T-Online.pdf [2012/09/10 18:15:45 | 000,033,804 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini [2012/09/10 18:15:45 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h [2012/07/03 11:35:43 | 000,038,493 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012/04/05 11:19:16 | 000,006,144 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/08 10:53:22 | 000,004,095 | ---- | C] () -- C:\Users\Markus.Ortlieb\AppData\Roaming\saplogon.ini [2012/03/08 10:53:17 | 000,007,550 | RHS- | C] () -- C:\Users\Markus.Ortlieb\ntuser.pol [2012/02/16 17:27:50 | 000,040,674 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/02/16 17:27:14 | 000,000,147 | ---- | C] () -- C:\Windows\SAPDOCCD.INI [2012/02/16 17:27:14 | 000,000,060 | ---- | C] () -- C:\Windows\sapmsg.ini [2012/02/16 17:27:14 | 000,000,035 | ---- | C] () -- C:\Windows\saproute.ini [2012/02/16 17:23:04 | 000,009,507 | ---- | C] () -- C:\Windows\cfgall.ini [2012/02/16 17:21:25 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll [2012/02/16 17:21:25 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll [2012/02/16 17:21:25 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll [2012/02/16 17:21:25 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll [2012/02/16 17:21:25 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll [2012/02/16 17:15:32 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll [2012/02/16 17:15:32 | 000,205,192 | ---- | C] () -- C:\Windows\System32\bipbsp.dll [2011/11/14 13:42:39 | 013,906,944 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2011/11/14 13:42:39 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin [2011/11/14 13:42:39 | 000,218,304 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin [2011/11/14 13:42:39 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin [2011/11/14 13:42:39 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011/11/14 13:42:39 | 000,056,832 | ---- | C] () -- C:\Windows\System32\igdde32.dll [2011/11/14 13:42:39 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/11/14 13:42:39 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2011/07/26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/07/26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011/07/26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011/07/26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011/07/26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011/05/10 16:56:47 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/05/10 16:56:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010/09/27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2012/04/05 09:36:27 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Alle meine Passworte [2012/09/13 16:40:17 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Buhl Data Service [2012/06/12 09:47:40 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Foxit Software [2012/07/04 14:37:39 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\FreeFileSync [2012/05/04 16:36:09 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\FreeFLVConverter [2012/05/23 11:36:22 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\IrfanView [2012/09/07 19:15:19 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Mp3tag [2012/09/18 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\OpenCandy [2012/04/05 11:04:40 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\Samsung [2012/04/08 17:27:55 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\ScreenCapturePrint [2012/09/18 19:23:48 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\TuneUp Software [2012/09/10 17:05:43 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\webex [2012/05/29 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Markus.Ortlieb\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > Extras.txt OTL Extras logfile created on: 9/19/2012 10:33:38 AM - Run 1 OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Markus.Ortlieb\Downloads Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.16 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 33.61% Memory free 6.33 Gb Paging File | 4.03 Gb Available in Paging File | 63.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.24 Gb Total Space | 38.03 Gb Free Space | 31.89% Space Free | Partition Type: NTFS Computer Name: BIBLPORTLIEB | User Name: Markus.Ortlieb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] "PolicyVersion" = 522 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules] "{3526AF19-F8E4-4286-9A50-5729E3D5E5E3}" = v2.10|Action=Allow|Active=TRUE|Dir=In|RA4=172.16.16.0/255.255.240.0|RA4=172.16.32.0/255.255.240.0|RA4=172.16.48.0/255.255.240.0|Name=KaVo Netzwerk| [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile] "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile] "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FD867EB-CCFB-4050-B7CE-6173EB55D658}" = lport=138 | protocol=17 | dir=in | app=system | "{12B4B9D3-5CB4-4ACB-B688-9FB974CCA2DA}" = lport=137 | protocol=17 | dir=in | app=system | "{3209AC06-B058-4EE9-82FF-BC780F3910F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{3F5E8CA5-0876-4357-B073-7D378ED8F952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{462293CE-95A1-4733-9569-21F99388EC8A}" = rport=137 | protocol=17 | dir=out | app=system | "{51AD881E-0496-4359-AE97-766AB85A3F8E}" = rport=445 | protocol=6 | dir=out | app=system | "{55198192-207D-43EA-A7D2-1DCF344204F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{57F7DBD7-8174-44CF-AFB4-B4290B811AE2}" = rport=139 | protocol=6 | dir=out | app=system | "{59166FBF-7F0F-452F-8D75-127E76D6057D}" = lport=19330 | protocol=6 | dir=in | name=trend micro officescan listener | "{89B5C68F-E848-4391-967E-9EFC52D4CAB5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{89F3C0D8-B75F-4CB1-98AA-296D3D7FA349}" = rport=138 | protocol=17 | dir=out | app=system | "{97D71F58-670F-4B2E-B223-F12585FBEB1B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A78F05E4-DD16-4324-9F7E-0F0D0158BA10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C3842E4B-00D1-497F-B166-53512B0D5327}" = lport=139 | protocol=6 | dir=in | app=system | "{F2C7C50C-DFD5-4DF5-B1A2-31E4BBA395D7}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F1D9FAA-6918-429A-8DC8-365F3888D7D8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{24544BB4-FB2E-4AF8-917F-DF999C63C902}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{3174EC00-9EFA-469B-B515-E3DD0FF0B0B1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{3ACC0DFF-9CFE-475A-AC86-30FA3DD58901}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3FE5A7EB-763C-4DBA-ABD2-F8143DE1FACD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4EC4BFBA-F766-4E02-B791-E74EE58BEA7C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{4F9B2DBD-36CA-4B90-89DA-C1ECB8A11E18}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | "{6F3C828B-9BD5-49B7-B0F1-52A7DEB1CD71}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | "{77DBD087-FC29-4B21-BEAB-48883DCD1B28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{822025AC-9213-4799-B6F0-D88A165DF14E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A6B3F0DA-16E8-4933-97FB-809CCD4FE4E8}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{B72F01DC-7866-4C0D-8537-F388B787F255}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DE40D58B-787C-4894-AB33-322501B11399}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{ECD809E2-CB3D-46CA-912E-AF0EE1F3EBD4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{EF9AC27A-908D-43C5-B2FF-572F9090AB42}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "TCP Query User{061301E8-F694-4318-A2D2-BF68CD172554}C:\program files\sonos\sonos.exe" = protocol=6 | dir=in | app=c:\program files\sonos\sonos.exe | "TCP Query User{073C94C5-99A1-49FA-B43A-30A713A7F108}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{2689121B-0AFD-4756-A597-6F9A44C8F0A5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{A538B2EB-9BE4-434A-BB26-A7F59A127150}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{B9A28DA2-0F99-481C-82F1-52B6D343B724}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{BA3BF74B-FF9D-4189-8A6D-A8450E2D450B}C:\program files\sonos\sonos.exe" = protocol=17 | dir=in | app=c:\program files\sonos\sonos.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten "{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{27FB103C-CF82-4DA2-AE14-32D580BAB3F3}" = kavofonts "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.100 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EC64C00-4BBC-4C0A-9F95-40E3EDA72837}" = Dell System Manager "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4EE4C49A-BE74-4A04-946A-B1E1248707BD}" = Configuration Manager Client "{4FFF8105-AE32-434C-91FC-02828C183616}" = Dell OpenManage Client Instrumentation "{52698550-7954-4776-AE83-6D7BC55794CF}" = Microsoft Policy Platform "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}" = Sonos Controller "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010 "{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{1B9EDD99-3021-4EFE-9BB4-5210B624E42E}" = "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOK_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86) "{AB6FFA58-F491-11D3-8951-000000015799}" = iPassConnect "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D34598D1-07B8-4EB6-AD9A-DBDF58FFC19F}" = Adobe Shockwave Player 11.6 "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF536479-8610-4686-9E86-0B3ECA56690A}" = iPassConnect "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFFE5DAD-27EF-40C8-9C13-546224F9A2D3}" = Dell ControlVault Host Components Installer "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "Foxit Reader_is1" = Foxit Reader "Free FLV Converter_is1" = Free FLV Converter V 7.4.0 "FreeFileSync" = FreeFileSync v5.0 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "incredibar" = Incredibar Toolbar on IE "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.52 "Office14.OUTLOOK" = Microsoft Outlook 2010 "Picasa 3" = Picasa 3 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAPBI" = SAP Business Explorer "SAPGUI710" = SAP GUI for Windows 7.20 "STANDARD" = Microsoft Office Standard 2007 "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/6/2012 10:39:16 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programdata\WebEx\WebEx\1224\CiscoWebExImporting.exe". Fehler in Manifest- oder Richtliniendatei "c:\programdata\WebEx\WebEx\1224\Microsoft.VC90.CRT.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 7/6/2012 10:39:24 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Research In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 7/6/2012 10:39:29 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 7/6/2012 10:39:32 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\FreeFileSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 7/6/2012 10:39:33 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\RealtimeSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 7/10/2012 5:27:46 PM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.3.1.606, Zeitstempel: 0x4fcefe93 Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04f62978 ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0x01cd5ee2d7ad986b Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung: 17222862-cad6-11e1-9b76-74de2b98a529 Error - 7/10/2012 5:27:54 PM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FOXIT READER.EXE, Version: 5.3.1.606, Zeitstempel: 0x4fcefe93 Name des fehlerhaften Moduls: facebook_plugin.fpi_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ed5d143 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04cc8e73 ID des fehlerhaften Prozesses: 0xfa8 Startzeit der fehlerhaften Anwendung: 0x01cd5ee2d7ad986b Pfad der fehlerhaften Anwendung: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\FOXIT READER.EXE Pfad des fehlerhaften Moduls: facebook_plugin.fpi Berichtskennung: 1bf87ab4-cad6-11e1-9b76-74de2b98a529 Error - 7/15/2012 7:03:11 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\programdata\WebEx\WebEx\1224\CiscoWebExImporting.exe". Fehler in Manifest- oder Richtliniendatei "c:\programdata\WebEx\WebEx\1224\Microsoft.VC90.CRT.MANIFEST" in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 7/15/2012 7:03:17 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\FreeFileSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 7/15/2012 7:03:17 AM | Computer Name = BIBLPORTLIEB.kavo.dhrmedical.org | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freefilesync\Bin\RealtimeSync_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". < End of report > Gmer.txt GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-19 11:37:42 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.AXM0 Running: xjvg1jtx.exe; Driver: C:\Users\MARKUS~1.ORT\AppData\Local\Temp\uwdoypob.sys ---- System - GMER 1.0.15 ---- SSDT 8A053D0C ZwCreateKey SSDT 8A0539C4 ZwCreateMutant SSDT 89E86124 ZwCreateProcess SSDT 8A08D514 ZwCreateProcessEx SSDT 8A053944 ZwCreateSymbolicLinkObject SSDT 8A053B0C ZwCreateThread SSDT 8A053ACC ZwCreateThreadEx SSDT 8A052804 ZwCreateUserProcess SSDT 8A0538C4 ZwDebugActiveProcess SSDT 8A053C8C ZwDeleteKey SSDT 8A053BCC ZwDeleteValueKey SSDT 8A053904 ZwDuplicateObject SSDT 8A053A04 ZwLoadDriver SSDT 8A08DC9C ZwOpenProcess SSDT 8A053B8C ZwOpenSection SSDT 8A08DBDC ZwOpenThread SSDT 8A053C4C ZwRenameKey SSDT 8A053C0C ZwRestoreKey SSDT 8A053984 ZwSetSystemInformation SSDT 8A053CCC ZwSetValueKey SSDT 8A08DC5C ZwTerminateProcess SSDT 8A08DC1C ZwTerminateThread SSDT 8A053B4C ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4D3C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82C8DE74 4 Bytes [0C, 3D, 05, 8A] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82C8DE84 4 Bytes [C4, 39, 05, 8A] .text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82C8DE98 8 Bytes CALL 8B9DF326 .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82C8DEB4 12 Bytes [44, 39, 05, 8A, 0C, 3B, 05, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82C8DED0 4 Bytes [04, 28, 05, 8A] .text ... ? System32\drivers\kweobiwf.sys Das System kann den angegebenen Pfad nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5408] ntdll.dll!DbgUiRemoteBreakin 770FF17D 1 Byte [C3] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000092 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000094 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000005b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529@bc4760fe8d89 0x68 0x64 0xF6 0xCD ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74de2b98a529@0c715d7e823a 0x79 0x6C 0xBB 0x1B ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529@bc4760fe8d89 0x68 0x64 0xF6 0xCD ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74de2b98a529@0c715d7e823a 0x79 0x6C 0xBB 0x1B ... ---- EOF - GMER 1.0.15 ---- |
| Themen zu Mystart-Leiste aus Firefox entfernen - Malwarebytes Fund jedoch bereits gelöscht |
| 7-zip, application/pdf:, audiograbber, avg secure search, bho, browser, cid, converter, defender, desktop, document, entfernen, error, fehler, firefox, flash player, format, incredibar toolbar, install.exe, installation, intranet, locker, logfile, monitor, mozilla, ntdll.dll, object, office 2007, officejet, plug-in, registry, richtlinie, rundll, scan, secure search, software, system, udp, vcredist, windows, wiso |
Baum-Darstellung