| big_deal | 13.03.2013 20:01 |
Zitat:
C:\ProgramData\MPK (Refog.Keylogger) -> Keine Aktion durchgeführt.
Hast du dieses Ding bewusst selbst auf deinem Rechner installiert?
| => Nein, ist mir nicht bekannt!
Wie es scheint, sind meine KeePass Dateien flöten gegangen :-(
Hier die Logs Code:
# AdwCleaner v2.114 - Datei am 13/03/2013 um 18:43:55 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kpef7zhq.default\jetpack
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kpef7zhq.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kpef7zhq.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=C[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_16.0.2");
Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "^AGS");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.crumb", "2012.11.08+10.18.28-toolbar007iad-DE-RnJhbmtmdXJ0IEFtIE1haW4sR2[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://{domainName}/web?q={query}&o={o}&l={l[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "1538dfba-4591-4031-aecd-f2488808cd37");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1352399199030");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Frankfurt Am Main,Germany");
Gelöscht : user_pref("extensions.asktb.o", "APN10261");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "3");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "B15D236C-F602-4471-A158-CF996738687F");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "08.11.2012 19:20:03");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.11.100015");
Gelöscht : user_pref("extensions.asktb.version", "5.15.11.30498");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddr");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "18");
Gelöscht : user_pref("tfp.CT2736476", true);
-\\ Google Chrome v25.0.1364.152
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v [Version kann nicht ermittelt werden]
Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [12848 octets] - [13/03/2013 18:43:55]
########## EOF - C:\AdwCleaner[S1].txt - [12909 octets] ##########
Code:
ComboFix 13-03-13.02 - *** 13.03.2013 18:53:49.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.2352 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\kp
c:\program files (x86)\kp\AJS.kdbx
c:\program files (x86)\kp\German.lngx
c:\program files (x86)\kp\KeePass.chm
c:\program files (x86)\kp\KeePass.config.xml
c:\program files (x86)\kp\KeePass.exe
c:\program files (x86)\kp\KeePass.exe.config
c:\program files (x86)\kp\KeePass.XmlSerializers.dll
c:\program files (x86)\kp\KeePassLibC32.dll
c:\program files (x86)\kp\KeePassLibC64.dll
c:\program files (x86)\kp\License.txt
c:\program files (x86)\kp\plugins\KeePassRPC.plgx
c:\program files (x86)\kp\ShInstUtil.exe
c:\program files (x86)\kp\XSL\KDB4_DetailsFull.xsl
c:\program files (x86)\kp\XSL\KDB4_DetailsLite.xsl
c:\program files (x86)\kp\XSL\KDB4_PasswordsOnly.xsl
c:\program files (x86)\kp\XSL\KDB4_Styles.css
c:\program files (x86)\kp\XSL\KDB4_Tabular.xsl
c:\program files (x86)\kp\XSL\TableHeader.gif
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\install.log
c:\program files (x86)\WinPCap\rpcapd.exe
c:\program files (x86)\WinPCap\Uninstall.exe
c:\programdata\60a7806a-0eea-424c-a464-20f4730cd631
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\M0000
c:\programdata\MPK\S0000
c:\users\***\AppData\Local\lame_enc.dll
c:\users\***\AppData\Local\no23xwrapper.dll
c:\users\***\AppData\Local\ogg.dll
c:\users\***\AppData\Local\vorbis.dll
c:\users\***\AppData\Local\vorbisenc.dll
c:\users\***\AppData\Local\vorbisfile.dll
c:\users\***\AppData\Roaming\odbcjt32D.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_conhost.exe pid: 1548 24: c:\windows\System32\de-DE\conhost.exe.mui
-------\Service_conhost.exe pid: 4288 24: c:\windows\System32\de-DE\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_lsm.exe pid: 708 294: c:\windows\System32\de-DE\lsm.exe.mui
-------\Service_NPF
-------\Service_svchost.exe pid: 2264 100: \BaseNamedObjects\HPZipm12.exeCommandMapPort
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_wlanext.exe pid: 1540 44: c:\windows\System32\de-DE\wlanext.exe.mui
-------\Service_wmpnetwk.exe pid: 540 3C: c:\program files\Windows Media Player\de-DE\wmpnetwk.exe.mui
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-13 bis 2013-03-13 ))))))))))))))))))))))))))))))
.
.
2013-03-13 18:09 . 2013-03-13 18:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-13 18:09 . 2013-03-13 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-11 20:28 . 2013-03-11 20:46 -------- d-----w- c:\users\***\AppData\Roaming\QuickScan
2013-03-11 17:38 . 2013-03-11 17:38 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-03-11 17:38 . 2013-03-11 17:38 -------- d-----w- c:\programdata\Malwarebytes
2013-03-11 17:38 . 2013-03-11 17:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-11 17:38 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-11 17:37 . 2013-03-11 17:37 -------- d-----w- c:\users\***\AppData\Local\Programs
2013-03-01 18:30 . 2013-02-05 08:54 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys
2013-03-01 18:30 . 2013-02-05 08:54 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe
2013-03-01 18:30 . 2012-12-18 09:08 110592 ----a-w- c:\windows\SysWow64\FsUsbExDevice.Dll
2013-03-01 18:28 . 2013-03-01 18:28 -------- d-----w- c:\program files (x86)\MarkAny
2013-03-01 18:27 . 2013-03-01 18:27 -------- d-----w- c:\users\***\AppData\Local\Samsung
2013-03-01 18:27 . 2013-03-01 18:27 -------- d-----w- c:\users\***\AppData\Roaming\Samsung
2013-02-19 20:02 . 2013-02-19 20:03 -------- d-----w- c:\users\***\AppData\Local\Google
2013-02-18 19:31 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 19:31 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 18:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-18 18:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-18 18:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-18 18:39 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-18 18:39 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-18 18:39 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-18 18:39 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-18 18:39 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-18 18:39 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-18 18:39 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-18 18:39 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-18 18:39 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 19:42 . 2012-03-30 11:03 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 19:42 . 2011-06-02 08:32 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-18 19:36 . 2010-10-30 14:38 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-11 11:38 . 2013-02-11 11:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-02-11 11:38 . 2013-02-11 11:38 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-11 11:38 . 2013-02-11 11:38 310688 ----a-w- c:\windows\system32\javaws.exe
2013-02-11 11:38 . 2013-02-11 11:38 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-11 11:38 . 2010-01-09 00:29 188832 ----a-w- c:\windows\system32\javaw.exe
2013-02-11 11:38 . 2010-01-09 00:29 188320 ----a-w- c:\windows\system32\java.exe
2013-02-10 14:53 . 2012-05-15 07:16 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-10 14:53 . 2010-10-30 14:06 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-04 04:43 . 2013-02-18 18:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-22 19:45 . 2012-12-22 19:45 29696 ----a-w- c:\windows\SysWow64\sfx32.dll
2012-12-22 19:45 . 2012-12-22 19:45 120320 ----a-w- c:\windows\SysWow64\czip.ocx
2012-12-18 09:06 . 2013-01-27 19:09 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-12-18 09:06 . 2012-12-18 09:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-12-18 09:06 . 2012-12-18 09:06 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-12-18 09:06 . 2012-12-18 09:06 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-12-18 09:06 . 2012-12-18 09:06 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-12-18 09:06 . 2012-12-18 09:06 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-12-18 09:06 . 2012-12-18 09:06 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-12-18 09:06 . 2012-12-18 09:06 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-12-18 09:06 . 2012-12-18 09:06 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-12-18 09:06 . 2012-12-18 09:06 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-12-18 09:06 . 2012-12-18 09:06 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-12-18 09:06 . 2012-12-18 09:06 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-12-18 09:06 . 2012-12-18 09:06 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-12-18 09:06 . 2012-12-18 09:06 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-12-18 09:06 . 2012-12-18 09:06 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-12-18 09:06 . 2012-12-18 09:06 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-12-18 09:06 . 2012-12-18 09:06 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-12-18 09:06 . 2012-12-18 09:06 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-12-18 09:06 . 2012-12-18 09:06 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-12-18 09:06 . 2012-12-18 09:06 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-12-18 09:06 . 2012-12-18 09:06 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-12-18 09:06 . 2012-12-18 09:06 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-12-18 09:06 . 2013-01-27 19:09 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-12-16 17:11 . 2012-12-22 10:20 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 10:20 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 10:20 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 10:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HamaKMCONFIG"="c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe" [2008-05-29 212992]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-18 385248]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RBTray.lnk - c:\program files (x86)\RBTray\64bit\RBTray.exe [2010-12-14 48128]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KeePass 2 PreLoad"="h:\firefoxportable\KeePass Password Safe 2\KeePass.exe" --preload
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"hpqSRMon"=c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
"QlbCtrl.exe"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
.
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-02-18 565472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS [2013-02-05 37344]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 pbfilter;pbfilter;c:\program files (x86)\PeerBlock\pbfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-03 258560]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-12-19 117040]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-25 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-18 86752]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe [2009-07-01 197120]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:42]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3090101874-2806636729-3830283988-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19 20:02]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3090101874-2806636729-3830283988-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-19 20:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 189.23.208.37:6588
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{022C3AE6-BD42-46DB-873B-15FC10FB7A9E}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kpef7zhq.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-03-11 21:27; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kpef7zhq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
Wow6432Node-HKCU-Run-TNQVOHPD - c:\users\***\AppData\Roaming\odbcjt32D.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Free DVD Decrypter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} - c:\program files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe
AddRemove-KeePassPasswordSafe2_is1 - h:\firefoxportable\KeePass Password Safe 2\unins000.exe
AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\uninstall.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe
AddRemove-{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-{3023EBDA-BF1B-4831-B347-E5018555F26E} - c:\program files (x86)\InstallShield Installation Information\{3023EBDA-BF1B-4831-B347-E5018555F26E}\setup.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} - c:\program files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe
AddRemove-{67626E09-5366-4480-8F1E-93FADF50CA15} - c:\program files (x86)\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\setup.exe
AddRemove-{B2EE25B9-5B00-4ACF-94F0-92433C28C39E} - c:\program files (x86)\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe
AddRemove-{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
AddRemove-{CB099890-1D5F-11D5-9EA9-0050BAE317E1} - c:\program files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
AddRemove-{DCCAD079-F92C-44DA-B258-624FC6517A5A} - c:\program files (x86)\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe
AddRemove-{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5} - c:\program files (x86)\InstallShield Installation Information\{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}\setup.exe
AddRemove-{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} - c:\program files (x86)\InstallShield Installation Information\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}\setup.exe
.
.
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 1548 24: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 4288 24: C:]
--
"ImagePath"="system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe pid: 708 294: C:]
--
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe pid: 2264 100: ]
--
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlanext.exe pid: 1540 44: C:]
--
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe pid: 540 3C: C:]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-13 19:26:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-13 18:26
.
Vor Suchlauf: 13 Verzeichnis(se), 482.775.859.200 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 482.568.863.744 Bytes frei
.
- - End Of File - - 798E12420330EB72104EE79BAE0D746E
Code:
OTL logfile created on: 13.03.2013 19:34:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,81% Memory free
7,98 Gb Paging File | 6,52 Gb Available in Paging File | 81,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 564,54 Gb Total Space | 449,43 Gb Free Space | 79,61% Space Free | Partition Type: NTFS
Drive D: | 16,78 Gb Total Space | 2,80 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.03.11 19:13:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.02.18 19:30:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.18 19:30:20 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.18 19:30:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.13 11:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 11:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009.11.17 23:37:18 | 000,224,816 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2009.10.06 21:56:44 | 000,415,016 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009.10.05 22:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.07.01 21:42:54 | 000,197,120 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe
PRC - [2008.07.06 16:31:02 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMProcess.exe
PRC - [2008.06.14 00:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMCONFIG.exe
PRC - [2008.05.30 00:22:38 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.19 20:57:02 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013.01.29 21:01:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.29 21:00:57 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.27 20:04:04 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.27 20:03:50 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.27 20:03:42 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.27 20:03:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.27 20:03:37 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.27 20:03:33 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.27 20:03:31 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.27 20:03:26 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2009.10.05 22:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.08.20 11:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.08.20 11:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.08.20 11:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008.06.16 08:06:10 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\MouseHook.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.03.29 11:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\keydll.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011.05.13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013.03.09 08:41:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 20:42:36 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.18 19:30:49 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.18 19:30:25 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.02.18 19:30:20 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.25 14:45:54 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.17 23:37:40 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009.11.17 23:37:18 | 000,224,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.07.01 21:42:54 | 000,197,120 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.03 10:20:17 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.19 13:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.10.14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.28 16:29:54 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.25 19:30:46 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.07 01:26:22 | 002,838,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.03.23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.11.12 22:42:18 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009.10.03 04:58:12 | 000,258,560 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.08 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 23:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2013.02.05 09:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.04.29 22:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\KMWDFilter.SYS -- (KMWDFILTER)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{E602283F-A36C-45C4-A339-52A4F7B135F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{E602283F-A36C-45C4-A339-52A4F7B135F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\..\SearchScopes\{E602283F-A36C-45C4-A339-52A4F7B135F3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 189.23.208.37:6588
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1009\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3090101874-2806636729-3830283988-1009\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: en-GB%40dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledAddons: info%40youtube-mp3.org:1.0.4
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6
FF - prefs.js..extensions.enabledAddons: ru%40dictionaries.addons.mozilla.org:0.4.4.1
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.1.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.17 14:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 08:41:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.09 08:41:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 08:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.09 08:41:01 | 000,000,000 | ---D | M]
[2012.04.09 12:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.09 12:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2013.03.11 21:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpef7zhq.default\extensions
[2013.02.28 20:44:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpef7zhq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.11 21:27:55 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpef7zhq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.11.06 19:39:53 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpef7zhq.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.11.15 18:54:50 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpef7zhq.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.01.25 13:53:02 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpef7zhq.default\extensions\keefox@chris.tomlinson
[2012.11.06 23:05:14 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpef7zhq.default\extensions\ru@dictionaries.addons.mozilla.org
[2012.04.09 12:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\uvmxbago.default\extensions
[2012.11.19 16:55:53 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kpef7zhq.default\extensions\compatibility@addons.mozilla.org.xpi
[2011.07.31 08:07:48 | 000,006,796 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kpef7zhq.default\extensions\info@youtube-mp3.org.xpi
[2013.03.06 18:38:29 | 000,565,466 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kpef7zhq.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi
[2012.08.31 19:59:16 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kpef7zhq.default\extensions\nosquint@urandom.ca.xpi
[2013.03.06 19:07:35 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kpef7zhq.default\extensions\personas@christopher.beard.xpi
[2013.02.18 20:24:54 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\kpef7zhq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.09 08:41:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.17 14:18:38 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.03.09 08:41:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 15:54:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Youtube to MP3 Converter - High Quality = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllepdkfbbinindpblacdckjaflfjdmj\1.6_0\
CHR - Extension: Click&Clean = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: ChromeIPass = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompiailgknfdndiefoaoiligalphfdae\1.0.7_0\
CHR - Extension: Click&Clean App = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013.03.13 19:10:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HamaKMCONFIG] C:\Program Files (x86)\Hama Keyboard and Mouse driver V6.0\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1009..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.lnk = C:\Program Files (x86)\RBTray\64bit\RBTray.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-3090101874-2806636729-3830283988-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{022C3AE6-BD42-46DB-873B-15FC10FB7A9E}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89036F98-8A47-44B1-BAFB-3BD559444E31}: DhcpNameServer = 26.1.19.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9322F68E-95B3-49D9-9D41-7807CA4A99BF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.01.14 16:05:50 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.13 19:20:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.13 18:50:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.13 18:50:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.13 18:50:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.13 18:49:44 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.13 18:49:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.13 18:49:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.13 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\berichte 1
[2013.03.13 18:40:52 | 005,038,936 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.03.11 21:28:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2013.03.11 19:13:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.11 18:38:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.11 18:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.11 18:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.11 18:38:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.11 18:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.11 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.03.09 08:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.05 07:48:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.03.01 19:33:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.03.01 19:30:43 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\SysWow64\FsUsbExService.Exe
[2013.03.01 19:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2013.03.01 19:27:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2013.03.01 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung
[2013.03.01 19:27:09 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung
[2013.02.19 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.19 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\***\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\***\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\***\AppData\Local\bass.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.03.13 19:31:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 19:31:40 | 3214,036,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 19:29:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 19:29:24 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 19:12:33 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3090101874-2806636729-3830283988-1001UA.job
[2013.03.13 19:10:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.13 18:49:05 | 005,038,936 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.03.13 18:42:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.13 18:40:07 | 000,597,667 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.03.11 21:12:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3090101874-2806636729-3830283988-1001Core.job
[2013.03.11 19:29:23 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.03.11 19:13:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.11 19:05:59 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.03.11 19:01:26 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.03.04 20:36:07 | 129,793,426 | ---- | M] () -- C:\Users\***\Desktop\SandyCam.zip
[2013.03.04 20:35:59 | 015,779,728 | ---- | M] () -- C:\Users\***\Desktop\ANITACam.zip
[2013.03.03 20:15:12 | 014,630,151 | ---- | M] () -- C:\Users\***\Desktop\publication.pdf
[2013.03.01 19:46:11 | 000,000,857 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2013.02.19 20:09:28 | 000,480,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.18 20:35:18 | 001,644,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.18 20:35:18 | 000,700,646 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.18 20:35:18 | 000,655,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.18 20:35:18 | 000,149,410 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.18 20:35:18 | 000,122,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.03.13 18:50:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.13 18:50:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.13 18:50:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.13 18:50:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.13 18:50:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.13 18:40:07 | 000,597,667 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.03.11 19:29:22 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19155.exe
[2013.03.11 19:05:59 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.11 19:01:25 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.03.04 20:35:16 | 015,779,728 | ---- | C] () -- C:\Users\***\Desktop\ANITACam.zip
[2013.03.04 20:32:41 | 129,793,426 | ---- | C] () -- C:\Users\***\Desktop\SandyCam.zip
[2013.03.03 20:15:12 | 014,630,151 | ---- | C] () -- C:\Users\***\Desktop\publication.pdf
[2013.03.01 19:46:11 | 000,000,857 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2013.03.01 19:30:43 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.03.01 19:30:43 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.19 21:02:23 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3090101874-2806636729-3830283988-1001UA.job
[2013.02.19 21:02:23 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3090101874-2806636729-3830283988-1001Core.job
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.03 14:24:11 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.09.12 19:37:22 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.07.02 17:01:17 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.04.09 19:50:44 | 000,000,087 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012.02.25 22:49:46 | 001,600,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.16 17:58:56 | 000,245,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.02.16 17:58:56 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.11.27 21:38:37 | 000,004,939 | ---- | C] () -- C:\ProgramData\ndhlopzv.syn
[2011.08.26 16:14:40 | 003,676,114 | ---- | C] () -- C:\Users\***\AppData\Local\tmpP1020652.JPG
[2011.04.02 08:23:21 | 000,001,854 | ---- | C] () -- C:\Users\***\AppData\Roaming\GhostObjGAFix.xml
[2011.03.27 18:20:24 | 000,013,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.27 18:18:33 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.03.26 09:49:45 | 000,851,968 | ---- | C] () -- C:\Users\***\fbchathistory.dat
[2011.02.08 20:02:42 | 000,000,310 | ---- | C] () -- C:\Users\***\.jhh
[2010.11.24 22:21:00 | 000,007,613 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.11.16 18:39:59 | 000,000,168 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.11.04 21:24:06 | 001,406,696 | ---- | C] () -- C:\Users\***\AppData\Local\tmpIMG_0162.0
[2010.11.04 21:24:06 | 000,525,250 | ---- | C] () -- C:\Users\***\AppData\Local\tmpIMG_0162.JPG
[2010.10.30 17:49:59 | 000,001,472 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.06.28 21:20:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2011.02.08 21:08:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AckiSoft
[2011.06.03 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Agelong Tree
[2011.10.11 20:00:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahnenblatt
[2011.01.01 17:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alternate
[2012.11.01 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AquaSoft
[2012.12.22 20:45:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCON Installer
[2012.11.01 12:28:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2013.02.10 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2010.10.30 17:06:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG10
[2011.01.15 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2010.12.28 22:29:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BatteryBar
[2010.11.27 17:37:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.30 21:02:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ChemTable Software
[2012.02.25 19:35:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.12.19 14:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DonationCoder
[2012.07.02 17:02:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DTLink Software
[2013.01.27 20:40:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.04.08 21:31:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EssentialPIM
[2012.10.16 19:17:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EXIF Date Changer
[2012.11.10 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.06.03 21:46:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Genprofi-Stammbaum
[2011.04.19 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.11.26 18:56:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.11.27 17:53:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2012.02.26 01:05:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2011.02.08 21:01:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MechCAD
[2012.09.02 13:56:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.12.30 21:45:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2011.11.08 20:04:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2011.01.03 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.07.02 19:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFSoft
[2011.09.16 14:42:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Phoner
[2012.06.03 23:00:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Power Sound Editor Free
[2012.07.02 17:51:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProTrader .Net Station
[2013.01.14 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pschmid.net
[2013.03.11 21:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.02.21 20:48:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RapidTyping
[2011.01.13 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Raptr
[2012.04.08 20:41:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RDecke
[2011.04.19 21:20:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Recordpad
[2010.11.22 21:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RTPlayer
[2013.03.01 19:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.02 17:50:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scripts
[2011.03.26 20:10:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.03.26 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2012.02.27 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2011.07.13 20:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.16 18:40:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2012.10.03 10:21:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.02.06 20:36:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.12.14 20:56:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2012.04.14 17:58:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2012.04.09 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark
[2012.07.02 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WOKAL
[2010.10.30 15:59:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs
========== Purity Check ==========
< End of report >
|
Hinweise zum Ablauf