HansaHans | 12.09.2013 21:23 | In addition, an OTL report: Code:
OTL logfile created on: 12.09.2013 21:41:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Hindersmann\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
9,89 Gb Total Physical Memory | 7,87 Gb Available Physical Memory | 79,59% Memory free
19,77 Gb Paging File | 17,40 Gb Available in Paging File | 87,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 191,97 Gb Free Space | 20,61% Space Free | Partition Type: NTFS
Drive D: | 119,24 Gb Total Space | 19,24 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Drive X: | 22,36 Gb Total Space | 7,30 Gb Free Space | 32,63% Space Free | Partition Type: NTFS
Computer Name: HINDERSMANN-PC | User Name: Hindersmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.09.12 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe
PRC - [2013.09.05 16:04:16 | 003,478,392 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
PRC - [2013.09.02 22:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.07.15 20:41:27 | 000,217,992 | ---- | M] (Google Inc.) -- D:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- D:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- D:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.11 09:43:14 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.07.17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.06.27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.06.25 17:19:24 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.06.25 15:54:28 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.06.19 13:59:04 | 000,174,752 | ---- | M] (ASUSTek Computer Inc.) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.06.01 15:40:06 | 001,104,240 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.06.01 15:40:04 | 001,304,944 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.06.01 15:40:00 | 001,014,128 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.06.01 15:39:58 | 000,936,304 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2012.05.21 00:26:26 | 000,291,648 | ---- | M] (Intel Corporation) -- D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.05.03 15:13:10 | 000,309,888 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
PRC - [2012.04.13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012.02.20 11:31:06 | 000,019,968 | ---- | M] () -- D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
PRC - [2012.02.20 11:31:06 | 000,018,944 | ---- | M] () -- D:\Windows\SysWOW64\DptfParticipantProcessorService.exe
PRC - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
========== Modules (No Company Name) ==========
MOD - [2013.09.02 22:35:56 | 000,410,576 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
MOD - [2013.09.02 22:35:54 | 004,053,456 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013.09.02 22:35:04 | 000,709,584 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013.09.02 22:35:03 | 000,099,792 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013.09.02 22:35:01 | 001,604,560 | ---- | M] () -- D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2012.09.23 20:43:58 | 000,010,240 | ---- | M] () -- D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.06.24 07:58:00 | 000,004,096 | ---- | M] () -- D:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- D:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
========== Services (SafeList) ==========
SRV - [2013.08.28 23:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.08.21 17:03:15 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.13 22:50:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- D:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- D:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.06.27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.06.25 16:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- D:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.06.25 16:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- D:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.06.25 16:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.06.25 16:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.06.13 19:34:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- D:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.06.01 15:40:06 | 001,104,240 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.06.01 15:40:04 | 001,304,944 | ---- | M] (Intel Corporation) [On_Demand | Running] -- D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.06.01 15:40:00 | 001,014,128 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.04.23 17:23:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- D:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.04.13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2012.03.15 07:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- D:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.02.20 11:31:06 | 000,019,968 | ---- | M] () [Auto | Running] -- D:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV - [2012.02.20 11:31:06 | 000,018,944 | ---- | M] () [Auto | Running] -- D:\Windows\SysWOW64\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.05.28 04:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- D:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008.07.10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.08.30 10:54:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.06.28 12:40:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.12.06 13:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.09.13 15:49:36 | 000,633,552 | ---- | M] (Paragon) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2012.09.13 15:49:36 | 000,390,224 | ---- | M] (Paragon) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2012.09.13 15:49:36 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- D:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.13 19:34:20 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.04 17:23:04 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.05.21 00:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.05.21 00:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.05.21 00:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.21 11:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.03.19 17:43:42 | 000,314,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.03.15 06:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- D:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.20 11:31:06 | 000,357,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012.02.20 11:31:06 | 000,220,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012.02.20 11:31:06 | 000,107,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012.02.20 11:31:06 | 000,096,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012.02.20 11:31:06 | 000,064,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012.02.20 11:31:06 | 000,042,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012.02.13 09:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.02.13 08:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.12.12 02:37:50 | 000,015,656 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ETDKbdf.sys -- (ETDKbdf)
DRV:64bit: - [2011.12.12 02:37:28 | 000,205,608 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 02:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2013.09.04 00:26:27 | 001,525,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.08.30 03:14:10 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\ex64.sys -- (NAVEX15)
DRV - [2013.08.30 03:14:10 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.08.30 03:14:10 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.08.30 03:14:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130912.001\eng64.sys -- (NAVENG)
DRV - [2013.08.29 17:04:30 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130911.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2010.01.05 17:01:02 | 000,013,440 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\ASUS\WinFlash\bsitf64.sys -- (bsitf)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 BB F1 DA 55 2D CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: D:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Program Files (x86)\Adobe\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: D:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.28 17:44:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013.06.18 22:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013.09.12 21:22:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013.08.29 23:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins
[2012.09.30 22:11:40 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Extensions
[2013.08.07 22:47:30 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Firefox\Profiles\6ozsalbr.default\extensions
[2012.11.11 16:49:17 | 000,000,000 | ---D | M] (EPUBReader) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\Firefox\Profiles\6ozsalbr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.08.07 22:47:30 | 001,400,372 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\fpw@informatik.tu-darmstadt.de.xpi
[2013.07.27 14:35:04 | 000,050,777 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\hdvc@hdvc.com.xpi
[2013.08.02 15:02:50 | 000,224,035 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.08.02 15:02:52 | 000,824,302 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.01 01:40:28 | 000,434,392 | ---- | M] () (No name found) -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.06.25 17:59:16 | 000,006,545 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\babylon.xml
[2013.06.25 17:59:30 | 000,001,294 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\delta.xml
[2012.10.03 14:34:33 | 000,003,915 | ---- | M] () -- D:\Users\Hindersmann\AppData\Roaming\mozilla\firefox\profiles\6ozsalbr.default\searchplugins\sweetim.xml
[2013.06.25 17:59:39 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.29 20:38:34 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.08.21 17:03:15 | 000,000,000 | ---D | M] (Default) -- D:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924
CHR - plugin: Shockwave Flash (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = D:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = D:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = D:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Grooveshark Germany unlocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: Adobe Acrobat PDF-Datei erstellen = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\
CHR - Extension: Click to activate/deactivate ProxTube = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclefogcenncfmmekelnpgpehiglcjln\1.2.4_0\
CHR - Extension: ZenMate for Google Chrome\u2122 = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme\2.9_0\
CHR - Extension: AdBlock = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: IP-Adresse = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0\
CHR - Extension: Porsche = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
CHR - Extension: IP-Adresse = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0\
CHR - Extension: Downloaders = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Norton Identity Protection = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Chrome In-App Payments service = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: YouTube Unblocker = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.4.4_0\
CHR - Extension: Type Fu = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0\
CHR - Extension: Google Mail = D:\Users\Hindersmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012.11.22 17:56:51 | 000,003,308 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 127.0.0.1 www.hh-software.com
O1 - Hosts: 57 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - D:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] D:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] D:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] D:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] D:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] D:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] D:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HControlUser] D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB3MON] D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_928877A4C7DF6A5F4EDCBFA23A443A70] D:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Hindersmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{592C9F95-DECF-4FD6-A9A3-A11C6947E061}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (D:\Windows\system32\nvinitx.dll) - D:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (d:\windows\syswow64\nvinit.dll) - d:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - D:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - D:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ec2eb6d-1938-11e2-82ef-c485083c725f}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec2eb6d-1938-11e2-82ef-c485083c725f}\Shell\AutoRun\command - "" = F:\Password.exe
O33 - MountPoints2\{f82d4048-a2d6-11e2-bbb4-c485083c725f}\Shell - "" = AutoRun
O33 - MountPoints2\{f82d4048-a2d6-11e2-bbb4-c485083c725f}\Shell\AutoRun\command - "" = F:\auvisio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.09.12 21:38:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe
[2013.09.12 16:45:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\SysNative\drivers\mbam.sys
[2013.09.12 16:45:21 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.09.12 16:45:21 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.09.12 16:40:56 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2013.09.11 17:28:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013.09.11 17:28:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ieui.dll
[2013.09.11 17:28:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013.09.11 17:28:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iesetup.dll
[2013.09.11 17:28:14 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iernonce.dll
[2013.09.11 17:28:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013.09.11 17:28:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.09.11 17:28:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013.09.11 17:28:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ie4uinit.exe
[2013.09.11 17:28:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\iesysprep.dll
[2013.09.11 17:28:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.09.11 17:27:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\msfeeds.dll
[2013.09.11 17:27:53 | 003,959,296 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\jscript9.dll
[2013.09.11 17:27:53 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\jscript.dll
[2013.09.11 17:27:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013.09.11 16:55:13 | 000,155,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\drivers\ataport.sys
[2013.09.11 16:55:12 | 003,968,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013.09.11 16:55:12 | 003,913,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013.09.11 16:55:11 | 005,550,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntoskrnl.exe
[2013.09.11 16:55:11 | 001,732,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntdll.dll
[2013.09.11 16:55:11 | 001,161,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\kernel32.dll
[2013.09.11 16:55:11 | 000,424,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\KernelBase.dll
[2013.09.11 16:55:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64win.dll
[2013.09.11 16:55:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\conhost.exe
[2013.09.11 16:55:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64.dll
[2013.09.11 16:55:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\winsrv.dll
[2013.09.11 16:55:11 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\smss.exe
[2013.09.11 16:55:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\csrsrv.dll
[2013.09.11 16:55:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\setup16.exe
[2013.09.11 16:55:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\ntvdm64.dll
[2013.09.11 16:55:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntvdm64.dll
[2013.09.11 16:55:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wow64cpu.dll
[2013.09.11 16:55:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\instnm.exe
[2013.09.11 16:55:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2013.09.11 16:55:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\apisetschema.dll
[2013.09.11 16:55:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 16:55:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 16:55:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 16:55:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 16:55:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wow32.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 16:55:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 16:55:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.09.11 16:55:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\user.exe
[2013.09.11 16:54:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\shdocvw.dll
[2013.09.08 12:44:10 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\Desktop\5-076 Übungsdateien
[2013.09.05 22:11:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView
[2013.09.05 20:43:58 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.09.05 20:43:51 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Microsoft Silverlight
[2013.09.03 18:41:04 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\DigSig
[2013.08.30 10:52:49 | 000,433,752 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys
[2013.08.30 10:52:48 | 001,139,800 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys
[2013.08.30 10:52:48 | 000,796,760 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys
[2013.08.30 10:52:48 | 000,493,656 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys
[2013.08.30 10:52:48 | 000,224,416 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys
[2013.08.30 10:52:48 | 000,169,048 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys
[2013.08.30 10:52:48 | 000,036,952 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys
[2013.08.30 10:52:48 | 000,023,448 | R--- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.sys
[2013.08.30 10:50:00 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\drivers\N360x64\1404000.028
[2013.08.29 23:30:11 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Symantec Shared
[2013.08.29 23:26:59 | 000,177,312 | ---- | C] (Symantec Corporation) -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.08.29 23:26:59 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Symantec Shared
[2013.08.29 23:26:59 | 000,000,000 | ---D | C] -- D:\Program Files\Symantec
[2013.08.29 23:23:22 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\drivers\N360x64
[2013.08.29 23:23:20 | 000,000,000 | R--D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.08.29 23:23:20 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Norton 360
[2013.08.29 23:23:20 | 000,000,000 | ---D | C] -- D:\ProgramData\Norton
[2013.08.29 23:18:57 | 000,000,000 | ---D | C] -- D:\ProgramData\NortonInstaller
[2013.08.29 23:18:57 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\NortonInstaller
[2013.08.16 08:31:52 | 000,000,000 | ---D | C] -- D:\Users\Hindersmann\Desktop\Elektrotechnik
[2013.08.15 22:06:30 | 000,000,000 | ---D | C] -- D:\Windows\SysNative\MRT
[2013.08.14 15:49:07 | 001,472,512 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\crypt32.dll
[2013.08.14 15:49:07 | 000,224,256 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\wintrust.dll
[2013.08.14 15:49:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\cryptnet.dll
[2013.08.14 15:48:49 | 001,888,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\WMVDECOD.DLL
[2013.08.14 15:48:48 | 001,620,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\WMVDECOD.DLL
[2013.08.14 15:48:26 | 001,217,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysNative\rpcrt4.dll
========== Files - Modified Within 30 Days ==========
[2013.09.12 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Hindersmann\Desktop\OTL.exe
[2013.09.12 21:26:37 | 001,806,990 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2013.09.12 21:26:37 | 000,773,946 | ---- | M] () -- D:\Windows\SysNative\perfh007.dat
[2013.09.12 21:26:37 | 000,728,618 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2013.09.12 21:26:37 | 000,177,318 | ---- | M] () -- D:\Windows\SysNative\perfc007.dat
[2013.09.12 21:26:37 | 000,150,098 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2013.09.12 21:26:34 | 000,015,600 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.12 21:26:34 | 000,015,600 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.12 21:19:40 | 000,001,116 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.12 21:19:39 | 000,000,530 | ---- | M] () -- D:\Windows\tasks\MATLAB R2013a Startup Accelerator.job
[2013.09.12 21:19:29 | 000,000,828 | ---- | M] () -- D:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.09.12 21:19:24 | 000,000,212 | ---- | M] () -- D:\Windows\tasks\AutoKMS.job
[2013.09.12 21:19:22 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013.09.12 20:54:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.12 20:46:01 | 000,001,120 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.12 16:44:28 | 000,000,085 | ---- | M] () -- D:\Windows\wininit.ini
[2013.09.11 17:35:25 | 005,052,760 | ---- | M] () -- D:\Windows\SysNative\FNTCACHE.DAT
[2013.09.11 17:31:37 | 002,230,099 | ---- | M] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013.09.08 13:23:00 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.09.08 12:53:00 | 000,000,202 | ---- | M] () -- D:\Windows\tasks\AutoKMSDaily.job
[2013.08.30 10:54:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- D:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.08.30 10:54:49 | 000,007,631 | ---- | M] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.08.30 10:54:49 | 000,000,854 | ---- | M] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.INF
========== Files Created - No Company Name ==========
[2013.09.12 16:44:25 | 000,000,085 | ---- | C] () -- D:\Windows\wininit.ini
[2013.09.01 17:37:10 | 002,230,099 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013.08.30 10:56:51 | 000,014,818 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013.08.30 10:52:49 | 000,008,067 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnet64.cat
[2013.08.30 10:52:48 | 000,009,670 | R--- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam64.cat
[2013.08.30 10:52:48 | 000,007,667 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.cat
[2013.08.30 10:52:48 | 000,007,593 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\iron.cat
[2013.08.30 10:52:48 | 000,007,589 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.cat
[2013.08.30 10:52:48 | 000,007,587 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.cat
[2013.08.30 10:52:48 | 000,003,434 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symefa.inf
[2013.08.30 10:52:48 | 000,002,852 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds.inf
[2013.08.30 10:52:48 | 000,001,440 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symnet.inf
[2013.08.30 10:52:48 | 000,001,437 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.inf
[2013.08.30 10:52:48 | 000,001,420 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.inf
[2013.08.30 10:52:48 | 000,000,996 | R--- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symelam.inf
[2013.08.30 10:52:48 | 000,000,853 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.inf
[2013.08.30 10:52:48 | 000,000,767 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\iron.inf
[2013.08.30 10:50:00 | 000,008,067 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.cat
[2013.08.30 10:50:00 | 000,008,063 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.cat
[2013.08.30 10:50:00 | 000,000,172 | ---- | C] () -- D:\Windows\SysNative\drivers\N360x64\1404000.028\isolate.ini
[2013.08.29 23:26:59 | 000,007,631 | ---- | C] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.08.29 23:26:59 | 000,000,854 | ---- | C] () -- D:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.07.15 22:39:22 | 000,000,600 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\PUTTY.RND
[2013.04.05 07:31:10 | 000,000,184 | ---- | C] () -- D:\Windows\AutoKMS.ini
[2013.03.12 19:56:24 | 000,000,132 | ---- | C] () -- D:\Users\Hindersmann\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.02.27 21:09:23 | 000,087,704 | ---- | C] () -- D:\Windows\cadkasdeinst01.exe
[2013.02.25 21:48:30 | 000,000,151 | ---- | C] () -- D:\Windows\wiso.ini
[2012.11.23 02:41:21 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012.11.20 21:49:22 | 000,002,850 | ---- | C] () -- D:\Windows\hpwmdl22.dat.temp
[2012.11.20 21:26:39 | 000,222,950 | ---- | C] () -- D:\Windows\hpwins22.dat
[2012.11.20 21:26:39 | 000,002,850 | ---- | C] () -- D:\Windows\hpwmdl22.dat
[2012.11.11 22:02:25 | 000,007,606 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\Resmon.ResmonCfg
[2012.10.21 14:46:25 | 000,001,456 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.10.13 16:17:12 | 000,035,237 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\recently-used.xbel
[2012.10.11 23:35:52 | 000,003,072 | ---- | C] () -- D:\Users\Hindersmann\AppData\Local\file__0.localstorage
[2012.10.01 15:58:39 | 001,807,160 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.30 22:06:31 | 000,176,128 | ---- | C] () -- D:\Windows\SysWow64\lffax60n.dll
[2012.09.30 22:06:31 | 000,141,824 | ---- | C] () -- D:\Windows\SysWow64\lfcmp60n.dll
[2012.09.30 22:06:31 | 000,110,080 | ---- | C] () -- D:\Windows\SysWow64\lfpng60n.dll
[2012.09.30 22:06:31 | 000,046,080 | ---- | C] () -- D:\Windows\SysWow64\lftif60n.dll
[2012.09.30 22:06:31 | 000,043,008 | ---- | C] () -- D:\Windows\SysWow64\ltfil60n.dll
[2012.09.30 22:06:31 | 000,023,552 | ---- | C] () -- D:\Windows\SysWow64\lfpcx60n.dll
[2012.09.30 22:06:31 | 000,022,528 | ---- | C] () -- D:\Windows\SysWow64\lfpct60n.dll
[2012.09.30 22:06:31 | 000,022,528 | ---- | C] () -- D:\Windows\SysWow64\lfeps60n.dll
[2012.09.30 22:06:31 | 000,022,016 | ---- | C] () -- D:\Windows\SysWow64\lfbmp60n.dll
[2012.09.30 22:06:31 | 000,020,480 | ---- | C] () -- D:\Windows\SysWow64\lfpsd60n.dll
[2012.09.30 22:06:31 | 000,019,968 | ---- | C] () -- D:\Windows\SysWow64\lftga60n.dll
[2012.09.30 22:06:31 | 000,019,456 | ---- | C] () -- D:\Windows\SysWow64\lfwpg60n.dll
[2012.09.30 22:06:31 | 000,019,456 | ---- | C] () -- D:\Windows\SysWow64\lfwmf60n.dll
[2012.09.30 22:06:31 | 000,018,432 | ---- | C] () -- D:\Windows\SysWow64\lfmsp60n.dll
[2012.09.30 22:06:31 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\lfmac60n.dll
[2012.09.30 22:06:31 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\implode.dll
[2012.09.30 22:06:31 | 000,005,378 | ---- | C] () -- D:\Windows\PSPICEEV.INI
[2012.06.13 19:34:28 | 000,755,572 | ---- | C] () -- D:\Windows\SysWow64\igkrng700.bin
[2012.06.13 19:34:22 | 000,559,972 | ---- | C] () -- D:\Windows\SysWow64\igfcg700m.bin
[2012.06.13 19:34:18 | 000,058,880 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2012.06.13 19:34:14 | 013,026,816 | ---- | C] () -- D:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- D:\Windows\SysWow64\IusEventLog.dll
[2012.02.20 11:31:06 | 000,019,968 | ---- | C] () -- D:\Windows\SysWow64\DptfPolicyConfigTDPService.exe
[2012.02.20 11:31:06 | 000,018,944 | ---- | C] () -- D:\Windows\SysWow64\DptfParticipantProcessorService.exe
[2012.02.20 11:31:06 | 000,012,288 | ---- | C] () -- D:\Windows\SysWow64\DptfPolicyConfigTDPDll.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = D:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = D:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 1072 bytes -> D:\Users\Hindersmann\AppData\Local\epDmpGdpihRZQ:uPYHcBRiwDMRwNxgN1AwTc
< End of report >
1. Malware Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.09.12.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]
12.09.2013 16:45:58
mbam-log-2013-09-12 (16-45-58).txt
Art des Suchlaufs: Vollständiger Suchlauf (D:\|X:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 800242
Laufzeit: 2 Stunde(n), 1 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 8
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0RtGtCtH1H1L2Y0B0EtF0CtG1O -> Keine Aktion durchgeführt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Keine Aktion durchgeführt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 6
D:\Users\Hindersmann\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
Infizierte Dateien: 15
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\HDvidCodec10.crx (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\b.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\finish.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\FinishHDVID.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\HDVidCodec.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\hdvidextsetup.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\hdvid_temp.bmp (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\hdvidcodec.com\uninst.exe (PUP.Optional.HDVidCodec.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
(Ende)
2. Malware Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.09.12.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]
12.09.2013 19:21:47
mbam-log-2013-09-12 (19-21-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (D:\|X:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 823531
Laufzeit: 55 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 7
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0RtGtCtH1H1L2Y0B0EtF0CtG1O -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {ABD64470-0D56-11E2-866F-C485083C725F} -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=B44DC485083C725C&affID=119779&tt=250613_gr3&tsp=4924) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 5
D:\Users\Hindersmann\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 7
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Users\Hindersmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk (PUP.Optional.HDVidCodec.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
3. Malware Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.09.12.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Hindersmann :: HINDERSMANN-PC [Administrator]
12.09.2013 21:33:03
mbam-log-2013-09-12 (21-33-03).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245946
Laufzeit: 1 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)