Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Kann Delta Search nicht löschen

Kann Delta Search nicht löschen


Plagegeister aller Art und deren Bekämpfung: Kann Delta Search nicht löschen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 06.04.2013, 13:37   #1
ostl
 
Kann Delta Search nicht löschen - Standard

Kann Delta Search nicht löschen


Liebes Team,
ich bin neu hier und habe sowas noch nie gemacht, deshalb bitte ich um Geduld.
Ich versuche alles so genau wie mir möglich zu beschreiben.

Also, ich habe schon ein wenig recherchiert und anscheinend haben mehrere Leute gerade das Problem mit Delta Search (ich kürze das hier mit DS ab)...
Bei mir verhält es sich so:

Habe Daemon Tools Lite installiert und alle Toolbars etc abgelehnt. (das Programm ist immer noch installiert)
Trotzdem hatte ich am nächsten Tag DS als Startseite (Firefox) und als Standardsuchmaschine oben rechts im Browserfenster. DS öffnet sich auch bei jedem neuen Tab.

LEIDER habe ich das Problem als solches erst nicht wahrgenommen, da DS fast wie Google aussieht. Ich habe also schon sehr sensible Daten (einen Tag lang) über meinen Browser kommuniziert (OnlineBanking, Emails, etc...)
Irgendwann wurde ich stutzig und hab gegoogelt... da bin ich auf Euer Board gestoßen und auf diverse andere Hilfeseiten.

Was wären denn da schlimmstenfalls die Folgen???? Habe da grad ein sehr ungutes Gefühl im Magen!



---------------------
Meine Maßnahmen bisher:
-Startseite zurückgestezt
-Suchmaschine DS in Firefox gelöscht
-Ich habe DS nicht als Programm in meiner Systemsteuerung gefunden.
-MS Security Essentials Full Scan. Kein Fund
-mrt Scan. Kein Fund.
---Das Problem mit dem neuen Tab besteht weiterhin!!!

Dann habe ich die Empfehlungen auf Eurem Board befolgt:
Defogger + OTL + Gmer
Bisher keine für mich ersichtlichen Fehlermeldungen, Unregelmäßigkeiten etc.

Ich poste jetzt hier mal für Euch die (anonymisierten) Logs dieser Scans (mit denen ich überhaupt nichts anfangen kann)

OTL Log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.04.2013 13:13:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,65% Memory free
6,50 Gb Paging File | 5,12 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,90 Gb Total Space | 61,53 Gb Free Space | 61,59% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 155,24 Gb Free Space | 77,62% Space Free | Partition Type: NTFS
Drive E: | 400,00 Gb Total Space | 86,56 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive F: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 231,51 Gb Total Space | 128,09 Gb Free Space | 55,33% Space Free | Partition Type: NTFS
Drive I: | 596,17 Gb Total Space | 134,54 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive J: | 1,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.06 13:10:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.03.26 12:00:47 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.02.13 12:38:24 | 000,844,144 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.02.13 12:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 12:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2013.02.06 07:17:56 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Programme\Samsung\Kies\KiesAirMessage.exe
PRC - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.02 21:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 21:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.10.07 11:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2011.09.27 21:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011.03.14 11:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Programme\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.26 12:00:47 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.26 11:58:33 | 002,232,272 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013.03.02 15:03:56 | 017,357,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\0f4155c806e86a023b835d9070774f89\Kies.Theme.ni.dll
MOD - [2013.03.02 15:03:55 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\5afdd6b1217fcb271881226a1e288567\DevicePodcast.ni.dll
MOD - [2013.03.02 15:03:55 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\1b6f3c9a32cd1976fb79b2445e586939\DummyStorePlugin.ni.dll
MOD - [2013.03.02 15:03:54 | 000,299,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\0990965afc0db853d38d302fb30b99d5\DeviceVideo.ni.dll
MOD - [2013.03.02 15:03:53 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\cc31b394afc58c54cae2b7d0d8c33cf7\DevicePhoto.ni.dll
MOD - [2013.03.02 15:03:53 | 000,305,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\891deea73344519c23a915802265423e\DeviceMusic.ni.dll
MOD - [2013.03.02 15:03:52 | 000,473,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\0f2e104794d636e61f3d55852cfffea0\VideoManager.ni.dll
MOD - [2013.03.02 15:03:51 | 000,776,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\6297456e21a4d8a8a47d0e60194b8d9e\PhotoManager.ni.dll
MOD - [2013.03.02 15:03:50 | 001,929,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\9910e6c50760788df4ade3512a1dc75b\Phonebook.ni.dll
MOD - [2013.03.02 15:03:48 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\1ea0e7bc5e9ffb8973a555a41dedeb02\MusicManager.ni.dll
MOD - [2013.03.02 15:03:47 | 000,403,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\075f11a3e3c5d7466ef7d10419afb79e\BATPlugin.ni.dll
MOD - [2013.03.02 15:03:46 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\3d0e95aadf1fd4315d1b18c58bab33c1\Kies.Common.MediaDB.ni.dll
MOD - [2013.03.02 15:03:46 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\3c6667cbc29155082e58137643a1dff1\Kies.Common.StoreManager.ni.dll
MOD - [2013.03.02 15:03:45 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\a099cf3222e6345348cc01ade70c4e6c\Kies.Common.DBManager.ni.dll
MOD - [2013.03.02 15:03:45 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\4ddf2ac626ac624a1c66d0809971b790\Kies.Common.AllShare.ni.dll
MOD - [2013.03.02 15:03:44 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\b0aeee8058ad9ab5ecd5aa762d5a6bc8\Kies.Common.MainUI.ni.dll
MOD - [2013.03.02 15:03:44 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\657f2c28fc2068324d9b0f1d9d596361\Kies.Common.CRMManager.ni.dll
MOD - [2013.03.02 15:03:43 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9e94c0940670be8f03fb392555ec10d4\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.03.02 15:03:42 | 000,572,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3e9bfbd5f2cf47b8d36c1c4a9a5699c8\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.03.02 15:03:42 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9a1d52e92dab2e5f906e4edae93b8b8c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.03.02 15:03:42 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\fa06b799153f9c28c1866319b3db5580\Interop.DevFileServiceLib.ni.dll
MOD - [2013.03.02 15:03:41 | 001,098,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\82eec106b67d4157992849bbceebeb9d\Kies.Common.DeviceService.ni.dll
MOD - [2013.03.02 15:03:39 | 001,138,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\ef627a7ca32c8920ad424bd2b8a943f4\Podcaster.ni.dll
MOD - [2013.03.02 15:03:37 | 000,732,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\ef5aedc86c6201d04b7995cfad101d83\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013.03.02 15:03:31 | 000,040,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d77da7b6668e27f63af7da941e221304\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.03.02 15:03:30 | 000,926,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3ce743f82e40c5adc6bc730a9860e378\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.03.02 15:03:29 | 002,209,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\47a3f099c846efd95dc77e747cec3352\Kies.Common.Multimedia.ni.dll
MOD - [2013.03.02 15:03:29 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\29e8db641e3708219f13d2a3b7528278\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.03.02 15:03:26 | 000,628,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3b6f9e55f91ad125179632bf47619a22\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.03.02 15:03:26 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0ec1f5148809454e7dd63148636a05b2\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.03.02 15:03:21 | 006,797,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c62836fb7dc5cd7e4bd0548d6ac5b34c\DeviceHost.ni.dll
MOD - [2013.03.02 15:03:16 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\2084ac4cdf9ded52ab71b038e5b39495\Kies.Common.Util.ni.dll
MOD - [2013.03.02 15:03:15 | 001,599,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\5cf4d41e6de5af4c27e7b66b172f73df\Kies.Locale.ni.dll
MOD - [2013.03.02 15:03:14 | 001,928,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7e54989d439c94a9254051e9c17d5650\Kies.UI.ni.dll
MOD - [2013.03.02 15:03:14 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\48c087dd6e18fcbd057e0b1dd6cfa2fd\Kies.MVVM.ni.dll
MOD - [2013.03.02 15:03:11 | 001,246,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\121e5c7e1639a49775b9d843694ba3aa\Kies.Interface.ni.dll
MOD - [2013.03.02 15:03:10 | 002,114,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\17b7b598c879d6cb53a38b9e00d7a752\Kies.ni.exe
MOD - [2013.02.16 13:55:40 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f69842a59a80267c673735eab7b0bcd3\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.02.16 13:55:36 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2013.01.11 10:09:54 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013.01.11 10:09:46 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.01.11 10:09:46 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.01.11 10:09:46 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.01.11 10:09:37 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013.01.11 10:09:36 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll
MOD - [2013.01.11 10:09:35 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll
MOD - [2013.01.11 10:09:09 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 10:09:02 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.10 18:38:58 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.10 18:38:46 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.10 18:38:36 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.10 18:38:33 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.10 18:38:30 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.10 18:38:29 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.10 18:38:22 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.10 18:38:17 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.07 11:41:16 | 000,879,896 | ---- | M] () -- C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.26 12:00:47 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.03.15 13:42:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 15:23:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 10:54:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.03 00:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - [2013.04.06 10:54:57 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1921DBDF-4C44-4557-9E3B-9BBD4E84932B}\MpKsl35145b9f.sys -- (MpKsl35145b9f)
DRV - [2013.04.04 23:46:50 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.10.03 00:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.06.27 10:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2012.06.27 10:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2012.06.27 10:37:56 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2012.06.27 10:37:56 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2012.06.27 10:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2012.02.28 21:29:58 | 000,023,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\MOSTER~1\AppData\Local\Temp\GPU-Z.sys -- (GPU-Z)
DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.11.20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A C9 D4 AA 91 F4 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/"
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.24.0.9
FF - prefs.js..extensions.enabledAddons: block%40adblockplus.org:2.2.13
FF - prefs.js..extensions.enabledAddons: %7B8B2AC248-3917-41cf-82A8-A583EBA5418C%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B0F827075-B026-42F3-885D-98981EE7B1AE%7D:2.6.1125.80
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.02.27 12:16:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.28 15:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 15:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 15:23:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.04.04 23:48:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 15:23:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.11 15:23:20 | 000,000,000 | ---D | M]
 
[2012.02.26 16:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.05 12:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6710fmeu.default\extensions
[2012.12.22 21:38:26 | 000,000,000 | ---D | M] (AdblockPlus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6710fmeu.default\extensions\block@adblockplus.org
[2012.02.27 21:30:12 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6710fmeu.default\extensions\DeviceDetection@logitech.com
[2013.03.21 17:37:33 | 000,002,558 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6710fmeu.default\extensions\{8B2AC248-3917-41cf-82A8-A583EBA5418C}.xpi
[2013.04.04 23:48:02 | 000,001,294 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6710fmeu.default\searchplugins\delta.xml
[2012.11.04 17:13:12 | 000,002,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6710fmeu.default\searchplugins\eurobuchcom-stichwort.xml
[2012.03.27 15:39:51 | 000,002,446 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\6710fmeu.default\searchplugins\wiktionary-de.xml
[2013.03.11 15:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.11 15:23:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.04 23:48:13 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1125.80\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.03.11 15:23:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.06 22:58:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.04 23:47:45 | 000,006,510 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.03 17:57:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.06 22:58:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.06 22:58:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.06 22:58:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.06 22:58:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Yealt Class) - {40C78C4E-5AE5-4762-9B7D-D2DE31B03B77} - C:\Windows\System32\yealt.dll (Yealt)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AdblockPlus) - {9FD6379A-EF46-4193-BC64-99F59DF1334F} - C:\Users\***\AppData\LocalLow\AdblockPlus\IE\AdblockPlus.dll (Wladimir Palant)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4285E7A5-F13C-4EF6-8CE1-8454A57D33D2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6C8BDBD-3ABE-4E7A-B749-C927C820E9A4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF8F7601-EF3F-4B2B-971B-12733683FD23}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation) - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,058,601 | R--- | M] () - F:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:27 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.02.22 17:08:44 | 000,000,382 | R--- | M] () - F:\autorun.ini -- [ UDF ]
O32 - AutoRun File - [2005.10.19 00:01:12 | 000,000,000 | R--D | M] - J:\Autorun -- [ UDF ]
O32 - AutoRun File - [2005.10.15 09:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - J:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.10.15 09:42:09 | 000,004,118 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{097f6b89-6081-11e1-99af-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{097f6b89-6081-11e1-99af-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2008.03.06 20:00:54 | 000,131,720 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{30f43e09-9d6e-11e2-9256-0021853f246b}\Shell - "" = AutoRun
O33 - MountPoints2\{30f43e09-9d6e-11e2-9256-0021853f246b}\Shell\AutoRun\command - "" = J:\autorun.exe -- [2005.10.15 09:42:09 | 000,253,952 | R--- | M] (Firaxis Games)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.06 10:52:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board-Dateien
[2013.04.04 23:57:12 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games
[2013.04.04 23:57:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\My Games
[2013.04.04 23:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2013.04.04 23:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2013.04.04 23:48:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.04.04 23:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.04.04 23:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.04 23:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.04.04 23:47:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2013.04.04 23:46:50 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.04.04 23:46:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013.04.04 23:46:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.04.04 23:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013.04.04 23:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.04.04 23:41:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2013.03.21 17:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIO Player
[2013.03.21 17:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\VIO Player
[2013.03.21 17:37:34 | 000,137,728 | ---- | C] (Yealt) -- C:\Windows\System32\yealt.dll
[2013.03.21 17:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.11 15:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.06 13:06:15 | 000,000,156 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.06 12:42:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.06 10:52:04 | 000,070,837 | ---- | M] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
[2013.04.06 10:43:20 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 10:43:20 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 10:42:57 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.06 10:42:57 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.06 10:42:57 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.06 10:42:57 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.06 10:35:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.06 10:35:43 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 23:50:29 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2013.04.04 23:47:32 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.04 23:46:50 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2013.04.02 18:39:50 | 000,001,016 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.02 18:39:23 | 000,000,994 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2013.03.21 17:37:34 | 000,137,728 | ---- | M] (Yealt) -- C:\Windows\System32\yealt.dll
[2013.03.21 17:34:08 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.06 13:06:14 | 000,000,156 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.04.06 10:51:59 | 000,070,837 | ---- | C] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
[2013.04.04 23:50:29 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2013.04.04 23:47:32 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013.04.02 18:39:50 | 000,001,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.21 17:34:08 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.03.01 21:29:07 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.03.01 21:29:07 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.16 19:55:46 | 000,138,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.06.16 19:55:39 | 000,281,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.06.16 19:55:13 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.04.04 23:47:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2013.04.04 23:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2013.04.06 10:36:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.04.18 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.02.27 21:41:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.01.23 14:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2012.05.31 11:28:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3toiPodAudioBookConverter
[2013.04.04 23:57:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2013.04.04 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2013.01.09 14:20:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.02.27 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2012.02.28 00:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2013.03.23 17:09:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---


-------------------------------

Extras Log
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.04.2013 13:13:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,65% Memory free
6,50 Gb Paging File | 5,12 Gb Available in Paging File | 78,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,90 Gb Total Space | 61,53 Gb Free Space | 61,59% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 155,24 Gb Free Space | 77,62% Space Free | Partition Type: NTFS
Drive E: | 400,00 Gb Total Space | 86,56 Gb Free Space | 21,64% Space Free | Partition Type: NTFS
Drive F: | 6,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 231,51 Gb Total Space | 128,09 Gb Free Space | 55,33% Space Free | Partition Type: NTFS
Drive I: | 596,17 Gb Total Space | 134,54 Gb Free Space | 22,57% Space Free | Partition Type: NTFS
Drive J: | 1,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E00B43C5-3CB3-4B39-BB84-3D3F3E269BF0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055112B0-35DB-41E8-82D9-F532ACF70C05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{097B2361-FB97-40A3-8D88-684ECF618BFB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{1816AC67-DA6D-4B4E-83F5-2A0C48EFF5B1}" = protocol=17 | dir=in | app=d:\games\bf2\bf2.exe | 
"{1FBF43EF-F1AD-41DB-B679-EFAA00655CA9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3BB4B225-C65E-4D05-8A4C-26CBC77E1DD9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{3F5877E9-3950-4114-A1FB-1C6020A495AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{404A32E2-27B4-4ECA-9172-1178924A3999}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{483EF5F0-0EA6-4266-BEC0-3F92C74AC12E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{4AFC90D1-D6AC-47BE-A161-2288458E36D0}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{6B0082D6-B58C-4E4A-A149-EE5C728617D6}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7DF2A8CA-9F72-4A20-B3AF-10C882343A41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{8E73FCED-6323-41EE-BEE2-BC4B348DD3F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2D620B2-8AFF-43EC-B624-7D212719D424}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B3CE37D4-C9F8-4E78-93A7-DF02E610C54F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{BBDD0389-1AFB-4759-AB7A-08B9798D8F91}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{D5800C6D-86DE-4390-AD7A-651DB96DD899}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D7C65B1E-6F42-406C-85A1-97A84FB50813}" = protocol=6 | dir=in | app=d:\games\bf2\bf2.exe | 
"{E134BF98-1F92-4890-AB39-B01C7DA53D92}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E386AC84-6ABF-4109-B30F-F25524A04ACD}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{FB40C87A-B55C-411D-BAB7-001D9A90CD54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FC0A5C0D-947C-4E13-BD71-7025D34CD953}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{84110888-4140-49DC-89DB-2F789B4761C3}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe | 
"TCP Query User{93AF47ED-6F6F-45D3-9B2D-49714D1D3B71}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6EB15706-3263-4A85-979F-513A7374291B}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe | 
"UDP Query User{72B2C5EE-D268-427C-BBD6-DD3CCBA8762D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1" = VIO Player version 1.2
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleDownloadManager" = Audible Download Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ElsterFormular 13.1.1.8531u" = ElsterFormular
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Scrivener 1250" = Scrivener Update
"Soulseek2" = SoulSeek 157 NS 13e
"sp6" = Logitech SetPoint 6.32
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 04:07:22 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2013 09:27:27 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 4b8 Startzeit: 01ce2f8d28c071d0 Endzeit: 11 Anwendungspfad: 
C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: 0ddcaf09-9b99-11e2-9fb9-0021853f246b
 
 
Error - 02.04.2013 09:32:29 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 12.0.7601.17514 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1268 Startzeit: 01ce2fa5de701738 Endzeit: 6 Anwendungspfad: 
C:\Program Files\Windows Media Player\wmplayer.exe Berichts-ID: c182495b-9b99-11e2-9fb9-0021853f246b
 
 
Error - 03.04.2013 05:32:06 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.04.2013 02:48:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.04.2013 17:27:36 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.04.2013 05:52:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.04.2013 12:04:43 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 19.0.2.4814,
Zeitstempel: 0x5138a1d3 Name des fehlerhaften Moduls: xul.dll, Version: 19.0.2.4814,
Zeitstempel: 0x5138a0ed Ausnahmecode: 0xc0000005 Fehleroffset: 0x00172818 ID des fehlerhaften
Prozesses: 0x15d8 Startzeit der fehlerhaften Anwendung: 0x01ce31f03b40f408 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 86b0f832-9e0a-11e2-98b6-0021853f246b
 
Error - 05.04.2013 19:19:39 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.04.2013 04:37:35 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 28.06.2012 17:30:54 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 23:30:53 - Fehler beim Herstellen der Internetverbindung. 23:30:54 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.06.2012 17:31:05 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 23:30:59 - Fehler beim Herstellen der Internetverbindung. 23:30:59 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 12.07.2012 05:23:38 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 11:23:38 - Fehler beim Herstellen der Internetverbindung. 11:23:38 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 12.07.2012 05:23:47 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 11:23:43 - Fehler beim Herstellen der Internetverbindung. 11:23:43 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 19.07.2012 13:58:55 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 19:58:55 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 21.07.2012 14:32:09 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 20:32:09 - Fehler beim Herstellen der Internetverbindung. 20:32:09 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 21.07.2012 14:32:19 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 20:32:14 - Fehler beim Herstellen der Internetverbindung. 20:32:14 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 18.08.2012 17:59:23 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 23:59:17 - Fehler beim Herstellen der Internetverbindung. 23:59:17 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.08.2012 03:23:14 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:23:14 - Fehler beim Herstellen der Internetverbindung. 09:23:14 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.08.2012 03:23:24 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:23:19 - Fehler beim Herstellen der Internetverbindung. 09:23:19 
- Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 04.04.2013 06:34:21 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 04.04.2013 06:34:22 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 04.04.2013 17:28:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
 
Error - 04.04.2013 17:28:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
 
Error - 05.04.2013 05:52:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
 
Error - 05.04.2013 05:52:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
 
Error - 05.04.2013 19:20:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
 
Error - 05.04.2013 19:20:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
 
Error - 06.04.2013 04:38:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
 
Error - 06.04.2013 04:38:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
 
 
< End of report >
--- --- ---


----------------------------

Gmer Log:
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-06 14:02:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6 WDC_WD10EARS-00MVWB0 rev.51.0AB51 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MOSTER~1\AppData\Local\Temp\kfryiuoc.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A939E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ACD1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
 
---- User code sections - GMER 2.1 ----
 
.text C:\Windows\system32\FsUsbExService.Exe[392] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Windows\system32\wininit.exe[444] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Windows\system32\winlogon.exe[488] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Windows\system32\services.exe[544] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Windows\system32\lsass.exe[560] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text ... 
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3208] ntdll.dll!DbgBreakPoint 76F7410C 1 Byte [C3]
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3208] ntdll.dll!DbgUiRemoteBreakin 76FDF17D 5 Bytes JMP 76F9E342 C:\Windows\SYSTEM32\ntdll.dll
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3208] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Windows\system32\SearchIndexer.exe[3516] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3544] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] kernel32.dll!FindResourceW 770D5517 5 Bytes JMP 00440980 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] kernel32.dll!FindResourceA 770DA4BD 5 Bytes JMP 00440930 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] USER32.dll!LoadStringA 75FB66A7 5 Bytes JMP 00441110 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] USER32.dll!LoadStringW 75FBDFBA 5 Bytes JMP 00440FD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] USER32.dll!LoadMenuW 75FBF214 5 Bytes JMP 00440B40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] USER32.dll!LoadMenuA 75FCF92C 5 Bytes JMP 00440AD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] USER32.dll!CreateDialogParamA 75FD1F42 5 Bytes JMP 004409D0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3604] USER32.dll!CreateDialogParamW 75FE5630 5 Bytes JMP 00440A50 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
.text C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe[3648] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3688] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4012] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
.text C:\Users\***\Downloads\gmer_2.1.19163.exe[4112] USER32.dll!DialogBoxParamW 75FD3B9B 5 Bytes JMP 74E64620 c:\progra~2\browse~1\261125~1.80\{c16c1~1\browse~1.dll
 
---- Devices - GMER 2.1 ----
 
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
 
---- EOF - GMER 2.1 ----
--- --- ---







Falls ich diese Logs irgendwie anders formatieren soll, damit es für Euch einfacher ist, müsst Ihr es mir sagen... habe da keine Ahnung.

Edit: (Da ich es in einem anderen Thread gelesen habe) Ich habe diese 3 Programme nicht direkt vom Desktop laufen lassen, sondern in meinen Download-Ordner geladen und dort direkt die exe-Dateien ausgeführt...
Macht das einen Unterschied???

Vielen Dank schon mal, dass Ihr Euch meinem Problem annehmt!!!
Geändert von ostl (06.04.2013 um 14:03 Uhr)

 

Themen zu Kann Delta Search nicht löschen
autorun, defender, ebanking, explorer, flash player, google, install.exe, kein fund, ntdll.dll, object, programm, pup.hacktool.patcher, pup.riskwaretool.ck, registry, riskware.tool.ck, senden, services.exe, trojan.downloader, windows


« Trojanerbefund(mehr als 1er) | BOO/Sinowal.a Virus auf externer Festplatte »


Ähnliche Themen: Kann Delta Search nicht löschen


  1. Search d.p Engine. Ist das Delta-Search? Wenn nein, egal ich werde es nicht mehr los
    Log-Analyse und Auswertung - 27.01.2014 (11)
  2. Delta search ist nicht weg zu bekommen
    Log-Analyse und Auswertung - 07.08.2013 (3)
  3. Delta Search löschen - "dds+.exe ist keine zulässige Win32-Anwendung"
    Log-Analyse und Auswertung - 05.07.2013 (33)
  4. delta-search löschen
    Log-Analyse und Auswertung - 03.06.2013 (3)
  5. Löschen Toolbar Delta Search (Win 8)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (11)
  6. Programme nicht löschbar - Delta Search evtl. nicht sicher entfernt.
    Plagegeister aller Art und deren Bekämpfung - 26.05.2013 (17)
  7. Search.b1.org wie kann ich das löschen ?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (13)
  8. search.b1.org wie kann ich das löschen ?
    Plagegeister aller Art und deren Bekämpfung - 02.05.2013 (11)
  9. Firefox "Neuer Tab": mixidj.delta-search.com, lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.04.2013 (24)
  10. Delta Search nicht entfernbar!
    Log-Analyse und Auswertung - 27.04.2013 (9)
  11. Delta Search mit Spybot entfernt; Delta Search taucht jedoch in neuen Tab trotzdem auf
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (10)
  12. Delta-Search lässt sich nicht löschen!
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (7)
  13. Delta search läßt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (11)
  14. delta search - ich werd das nicht wieder los :-(
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (13)
  15. @ryder: Delta Search löschen
    Log-Analyse und Auswertung - 23.02.2013 (3)
  16. Delta Search löschen aber wie?
    Log-Analyse und Auswertung - 17.02.2013 (6)
  17. Firefox Delta search Tab löschen
    Plagegeister aller Art und deren Bekämpfung - 10.02.2013 (14)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Kann Delta Search nicht löschen - Liebes Team, ich bin neu hier und habe sowas noch nie gemacht, deshalb bitte ich um Geduld. Ich versuche alles so genau wie mir möglich zu beschreiben. Also, ich habe - Kann Delta Search nicht löschen...
Archiv
Du betrachtest: Kann Delta Search nicht löschen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130