| |
| |||||||
Log-Analyse und Auswertung: Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FIWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
18.06.2012, 15:41
| #1 |
 |  Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Hallo liebe Helfer in der Not, seit Donnerstag letzter Woche meldet AVIRA (wie bei so vielen anderen hier auf dem board) in kurzen Abständen die Funde "W32/Patched.UA", "TR/ATRAPS.Gen2" und "TR/Small.FI". Ich bin sehr froh, dass ich Euch gefunden habe und hoffe, Ihr könnt mir helfen. Damit dieses auch möglich ist, habe ich mich sklavisch an die Anweisungen gehalten und poste jetzt hier die Ergebnisse meiner SCANS: AVIRA Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 18. Juni 2012 09:48
Es wird nach 3844536 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MEPHISTO
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 17:53:26
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 17:53:25
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 17:53:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 17:53:43
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 18:39:42
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 08:24:16
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:20:19
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 09:28:26
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 18:39:39
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 18:39:39
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 18:39:40
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 18:39:40
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 18:39:40
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 18:39:40
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 18:39:40
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 18:39:40
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 18:39:40
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 17:56:08
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 17:56:12
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 17:56:19
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 17:56:32
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 17:56:39
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 09:24:38
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 09:24:38
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 13:29:29
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 07:49:22
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 19:00:48
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 19:45:46
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 19:45:51
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 11:45:43
VBASE027.VDF : 7.11.32.252 2048 Bytes 14.06.2012 11:45:43
VBASE028.VDF : 7.11.32.253 2048 Bytes 14.06.2012 11:45:43
VBASE029.VDF : 7.11.32.254 2048 Bytes 14.06.2012 11:45:43
VBASE030.VDF : 7.11.32.255 2048 Bytes 14.06.2012 11:45:44
VBASE031.VDF : 7.11.33.62 105472 Bytes 18.06.2012 07:45:39
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 03.06.2012 09:24:45
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 15.06.2012 11:47:18
AESCN.DLL : 8.1.8.2 131444 Bytes 30.01.2012 10:20:48
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 11:47:30
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.18 807287 Bytes 15.06.2012 11:47:09
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 15.06.2012 11:46:55
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 15.06.2012 11:46:53
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 18:39:29
AEGEN.DLL : 8.1.5.30 422261 Bytes 15.06.2012 11:45:48
AEEXP.DLL : 8.1.0.52 82293 Bytes 15.06.2012 11:47:30
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 03.06.2012 09:24:39
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 17:53:17
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 17:53:25
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 17:53:43
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 17:53:21
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 17:53:24
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 17:53:42
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 17:53:28
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 17:53:40
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 17:53:17
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 17:53:18
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Montag, 18. Juni 2012 09:48
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ADOBE SYSTEMS
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Agfa
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\C07ft5Y
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\CyberLink
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DownloadManager
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\EmbedExtnToClsidMappings
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RAS AutoDial
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nokia
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\RIS
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\S3R521
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'GarminLifetime.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebcamDell.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'DataSafeOnline.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Toaster.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'DSUpd.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'STSERVICE.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '22' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Windows\Sysnative\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '3736' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
C:\DELL\j156m\factory\common_64_SM.7z
[WARNUNG] Der Archivheader ist defekt
C:\DELL\j156m\factory\common_PF2.7z
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\assets.pk4
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\shaders.pk4
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\HSS-2.07-install-resell3-306-conduit.exe
[WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
[FUND] Ist das Trojanische Pferd TR/Small.FI
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
C:\Windows\System32\services.exe
[FUND] Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
Beginne mit der Suche in 'D:\' <RECOVERY>
Beginne mit der Desinfektion:
C:\Windows\System32\services.exe
[FUND] Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55055eca.qua erstellt ( QUARANTÄNE )
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dcc76d8.qua' verschoben!
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
[FUND] Ist das Trojanische Pferd TR/Small.FI
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f932c30.qua' verschoben!
Ende des Suchlaufs: Montag, 18. Juni 2012 11:58
Benötigte Zeit: 2:08:02 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
49476 Verzeichnisse wurden überprüft
739565 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
739561 Dateien ohne Befall
7201 Archive wurden durchsucht
8 Warnungen
24 Hinweise
1110337 Objekte wurden beim Rootkitscan durchsucht
21 Versteckte Objekte wurden gefunden
Malwarebyte Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.18.03 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 * * * :: MEPHISTO [Administrator] Schutz: Aktiviert 18.06.2012 12:05:49 mbam-log-2012-06-18 (15-46-16).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 469317 Laufzeit: 3 Stunde(n), 18 Minute(n), 24 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 18.06.2012 15:56:04 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\* * *\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free 8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe PRC - [2012.06.14 12:52:26 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe PRC - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 19:53:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe PRC - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.11.08 12:11:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.11.11 18:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe PRC - [2008.05.23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 22:28:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\592a9a12b07b624764df2eca289116d1\System.Web.Services.ni.dll MOD - [2012.06.15 22:09:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 12:19:20 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.14 12:18:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.14 12:18:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.14 12:18:22 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.14 12:18:19 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.06.14 11:59:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 11:58:42 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.14 11:57:50 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.06.03 13:03:51 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.06.03 12:04:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.06.03 11:23:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.06.03 11:22:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll MOD - [2012.06.03 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.06.03 11:21:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.06.03 11:20:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.06.03 11:20:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.05.29 21:08:31 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.29 20:32:50 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.29 20:28:34 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.29 20:28:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll MOD - [2012.05.29 20:28:13 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.29 20:22:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.29 20:22:21 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll MOD - [2012.05.29 20:22:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.29 20:22:02 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.29 20:21:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe MOD - [2012.01.06 20:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll MOD - [2011.11.27 20:07:07 | 000,115,137 | ---- | M] () -- C:\Users\* * *\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll MOD - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.04.09 23:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009.03.29 21:40:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.29 21:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.03.19 18:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV) SRV:64bit: - [2009.03.19 18:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008.12.21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2008.11.26 23:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2012.06.14 12:52:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.06 20:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 19:53:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:53:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss) DRV:64bit: - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HssDrv.sys -- (HssDrv) DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.05.15 20:50:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.06 18:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid) DRV:64bit: - [2009.04.10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2009.04.10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2009.03.19 18:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd) DRV:64bit: - [2008.12.21 20:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY) DRV:64bit: - [2008.12.16 18:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX) DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2008.11.25 16:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2008.10.28 17:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2008.10.07 19:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2008.09.15 19:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2008.09.15 19:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2008.09.15 19:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2008.02.25 10:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R) DRV:64bit: - [2007.11.14 10:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr) DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.berlin.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {8A98EB80-7689-498B-B39E-4BE93D32F3AB} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox IE - HKCU\..\SearchScopes\{8A98EB80-7689-498B-B39E-4BE93D32F3AB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.0) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06AA57A-B93B-4C3C-8287-D83B1100F386}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = •Ë O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.18 15:55:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe [2012.06.15 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.15 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\* * *\AppData\Roaming\Malwarebytes [2012.06.15 19:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.15 19:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.15 19:35:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.15 19:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\* * *\Desktop\20120613dawanda [2012.06.11 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Beihilfe [2012.06.03 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Gebrauchsanweisungen Babysitter ========== Files - Modified Within 30 Days ========== [2012.06.18 15:58:17 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.18 15:58:17 | 000,632,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.18 15:58:17 | 000,599,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.18 15:58:17 | 000,127,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.18 15:58:17 | 000,105,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe [2012.06.18 15:51:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.06.18 15:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.18 15:50:42 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys [2012.06.18 15:49:27 | 000,000,188 | ---- | M] () -- C:\Users\* * *\defogger_reenable [2012.06.18 15:28:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.18 15:21:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 22:03:00 | 000,405,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.15 19:35:21 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 13:04:01 | 000,000,732 | ---- | M] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat [2012.06.13 11:55:33 | 000,144,896 | ---- | M] () -- C:\Users\* * *\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.12 12:22:58 | 000,011,523 | ---- | M] () -- C:\Users\* * *\Desktop\100.jpg [2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ========== Files Created - No Company Name ========== [2012.06.18 15:49:27 | 000,000,188 | ---- | C] () -- C:\Users\* * *\defogger_reenable [2012.06.18 15:48:46 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@ [2012.06.18 11:58:39 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ [2012.06.18 11:58:38 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@ [2012.06.15 19:35:21 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 12:23:12 | 000,011,523 | ---- | C] () -- C:\Users\* * *\Desktop\100.jpg [2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@ [2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Users\* * *\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@ [2011.12.13 17:53:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.12.13 17:53:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.12.13 17:53:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.12.13 17:53:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.12.13 17:53:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.12.13 17:53:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.12.13 17:53:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.12.13 17:53:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.12.13 17:53:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.12.13 17:53:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.12.13 17:53:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.12.13 17:53:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.12.13 17:53:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.12.13 17:53:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.12.13 17:53:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.12.13 17:51:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini [2011.12.08 17:55:07 | 000,000,732 | ---- | C] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat [2011.11.13 10:43:16 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.11.13 10:43:16 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.11.13 10:43:15 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe [2011.11.13 10:43:15 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.11.13 10:43:12 | 000,693,765 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.exe [2011.11.13 10:43:12 | 000,007,900 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.dat [2011.11.02 19:48:53 | 000,000,000 | ---- | C] () -- C:\Users\* * *\AppData\Local\{29BC51ED-79B0-47D1-B13C-F2FA9DD19CFE} [2011.05.29 10:53:14 | 000,038,443 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\concept design [2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\DAEMON Tools Lite [2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\EPSON [2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\FileZilla [2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\GARMIN [2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\MyPhoneExplorer [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia Ovi Suite [2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PC Suite [2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PCDr [2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Samsung [2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Template [2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Thunderbird [2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.06.18 15:49:57 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.06.2012 15:56:04 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\* * *\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free
8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 95 78 CE FD CF D6 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)
"CCleaner" = CCleaner
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)
"Dell Support Center" = Dell Support Center
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FF6E1E83-CD7F-49E9-AE8C-D9804372D1FC}_is1" = CD goes MP3 7 Platinum
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Company of Heroes" = Company of Heroes - Opposing Fronts
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Content Uploader" = DivX Content Uploader
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.24
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mobile Partner" = Mobile Partner
"MPE" = MyPhoneExplorer
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.01.2012 08:15:02 | Computer Name = mephisto | Source = Windows Search Service | ID = 3013
Description =
Error - 09.01.2012 17:56:38 | Computer Name = mephisto | Source = EventSystem | ID = 4621
Description =
Error - 13.01.2012 16:21:14 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description =
Error - 13.01.2012 16:32:02 | Computer Name = mephisto | Source = Perflib | ID = 1010
Description =
Error - 13.01.2012 16:32:04 | Computer Name = mephisto | Source = Perflib | ID = 1008
Description =
Error - 13.01.2012 19:45:34 | Computer Name = mephisto | Source = EventSystem | ID = 4621
Description =
Error - 15.01.2012 09:47:57 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description =
Error - 15.01.2012 15:13:39 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description =
Error - 15.01.2012 15:22:05 | Computer Name = mephisto | Source = Perflib | ID = 1010
Description =
Error - 15.01.2012 15:22:06 | Computer Name = mephisto | Source = Perflib | ID = 1008
Description =
[ Broadcom Wireless LAN Events ]
Error - 26.04.2012 06:17:07 | Computer Name = mephisto | Source = WLAN-Tray | ID = 0
Description = 12:17:06, Thu, Apr 26, 12 Error - Unable to gain access to user store
[ Dell Events ]
Error - 21.01.2012 07:41:46 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
Error - 02.04.2012 14:16:38 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
[ Media Center Events ]
Error - 09.09.2010 07:13:18 | Computer Name = mephisto | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
[ System Events ]
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description =
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description =
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
Error - 18.06.2012 05:21:01 | Computer Name = mephisto | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description =
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
< End of report >
Vielen Dank für Eure Bemühungen Ilka Geändert von kjkjjj1108 (18.06.2012 um 16:20 Uhr) |
|
19.06.2012, 13:34
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
|
20.06.2012, 08:53
| #3 |
| | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Hallo Arne,
__________________danke, dass Du mir hilfst. Wir haben am Freitag schon einmal mit Malwarebytes gescannt. Allerdings bestand das Problem da schon. Hier aber trotzdem die Log-Files: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.15.07 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Ingo Buchholz :: MEPHISTO [Administrator] Schutz: Aktiviert 15.06.2012 19:41:08 mbam-log-2012-06-15 (19-41-08).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 469903 Laufzeit: 1 Stunde(n), 6 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter 2012/06/15 19:36:14 +0200 MEPHISTO *** MESSAGE Starting protection
2012/06/15 19:36:15 +0200 MEPHISTO *** MESSAGE Executing scheduled update: Daily
2012/06/15 19:36:16 +0200 MEPHISTO *** MESSAGE Database already up-to-date
2012/06/15 19:36:19 +0200 MEPHISTO *** MESSAGE Protection started successfully
2012/06/15 19:36:22 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/15 19:36:27 +0200 MEPHISTO *** MESSAGE IP Protection started successfully
2012/06/15 19:41:12 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55115, Process: svchost.exe)
2012/06/15 19:52:10 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55167, Process: svchost.exe)
2012/06/15 19:52:11 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55168, Process: svchost.exe)
2012/06/15 20:03:04 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55178, Process: svchost.exe)
2012/06/15 20:08:33 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55188, Process: svchost.exe)
2012/06/15 20:08:41 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55191, Process: svchost.exe)
2012/06/15 20:19:48 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55205, Process: svchost.exe)
2012/06/15 20:25:26 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55217, Process: svchost.exe)
2012/06/15 20:25:26 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55218, Process: svchost.exe)
2012/06/15 20:30:55 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55223, Process: svchost.exe)
2012/06/15 20:30:55 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55227, Process: svchost.exe)
2012/06/15 20:42:10 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55250, Process: svchost.exe)
2012/06/15 20:47:39 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55259, Process: svchost.exe)
2012/06/15 20:54:49 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access QUARANTINE
2012/06/15 20:58:28 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access DENY
2012/06/15 20:58:50 +0200 MEPHISTO *** IP-BLOCK 78.41.203.119 (Type: outgoing, Port: 55639, Process: svchost.exe)
2012/06/15 22:06:17 +0200 MEPHISTO *** MESSAGE Starting protection
2012/06/15 22:06:25 +0200 MEPHISTO *** MESSAGE Protection started successfully
2012/06/15 22:06:28 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/15 22:06:28 +0200 MEPHISTO *** ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
Code:
ATTFilter 2012/06/16 10:30:29 +0200 MEPHISTO *** MESSAGE Starting protection
2012/06/16 10:30:33 +0200 MEPHISTO *** MESSAGE Protection started successfully
2012/06/16 10:30:36 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/16 10:30:36 +0200 MEPHISTO *** ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
Code:
ATTFilter 2012/06/18 09:45:55 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access QUARANTINE
2012/06/18 09:46:06 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access DENY
2012/06/18 10:44:21 +0200 MEPHISTO *** MESSAGE Executing scheduled update: Daily
2012/06/18 10:44:22 +0200 MEPHISTO *** ERROR Scheduled update failed: Host not found failed with error code 0
2012/06/18 11:58:40 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access DENY
2012/06/18 12:05:35 +0200 MEPHISTO *** MESSAGE Starting database refresh
2012/06/18 12:05:47 +0200 MEPHISTO *** MESSAGE Database refreshed successfully
2012/06/18 15:53:42 +0200 MEPHISTO *** MESSAGE Starting protection
2012/06/18 15:53:49 +0200 MEPHISTO *** MESSAGE Protection started successfully
2012/06/18 15:53:52 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/18 15:53:52 +0200 MEPHISTO *** ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/18 15:53:52 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/18 15:53:52 +0200 MEPHISTO *** ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/18 16:13:29 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/18 16:13:29 +0200 MEPHISTO *** ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/18 21:34:50 +0200 MEPHISTO *** MESSAGE Starting protection
2012/06/18 21:34:55 +0200 MEPHISTO *** MESSAGE Protection started successfully
2012/06/18 21:34:59 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/18 21:34:59 +0200 MEPHISTO *** ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/18 21:55:07 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access QUARANTINE
2012/06/18 21:58:16 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access ALLOW
2012/06/18 21:58:16 +0200 MEPHISTO *** DETECTION C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Rootkit.0Access ALLOW
Code:
ATTFilter 2012/06/20 09:38:56 +0200 MEPHISTO *** MESSAGE Starting protection
2012/06/20 09:39:04 +0200 MEPHISTO *** MESSAGE Protection started successfully
2012/06/20 09:39:07 +0200 MEPHISTO *** MESSAGE Starting IP protection
2012/06/20 09:39:07 +0200 MEPHISTO *** ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/06/20 09:44:38 +0200 MEPHISTO *** MESSAGE Executing scheduled update: Daily
2012/06/20 09:45:03 +0200 MEPHISTO *** MESSAGE Scheduled update executed successfully: database updated from version v2012.06.18.03 to version v2012.06.20.02
2012/06/20 09:45:03 +0200 MEPHISTO *** MESSAGE Starting database refresh
2012/06/20 09:45:09 +0200 MEPHISTO *** MESSAGE Database refreshed successfully
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 14. Juni 2012 12:50
Es wird nach 3833951 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MEPHISTO
Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 17:53:26
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 17:53:25
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 17:53:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 17:53:43
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 18:39:42
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 08:24:16
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:20:19
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 09:28:26
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 18:39:39
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 18:39:39
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 18:39:40
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 18:39:40
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 18:39:40
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 18:39:40
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 18:39:40
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 18:39:40
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 18:39:40
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 17:56:08
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 17:56:12
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 17:56:19
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 17:56:32
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 17:56:39
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 09:24:38
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 09:24:38
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 13:29:29
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 07:49:22
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 19:00:48
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 19:45:46
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 19:45:51
VBASE026.VDF : 7.11.32.172 2048 Bytes 12.06.2012 19:45:51
VBASE027.VDF : 7.11.32.173 2048 Bytes 12.06.2012 19:45:51
VBASE028.VDF : 7.11.32.174 2048 Bytes 12.06.2012 19:45:51
VBASE029.VDF : 7.11.32.175 2048 Bytes 12.06.2012 19:45:51
VBASE030.VDF : 7.11.32.176 2048 Bytes 12.06.2012 19:45:51
VBASE031.VDF : 7.11.32.208 65024 Bytes 13.06.2012 20:32:54
Engineversion : 8.2.10.80
AEVDF.DLL : 8.1.2.8 106867 Bytes 03.06.2012 09:24:45
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 03.06.2012 09:24:45
AESCN.DLL : 8.1.8.2 131444 Bytes 30.01.2012 10:20:48
AESBX.DLL : 8.2.5.10 606580 Bytes 29.05.2012 17:59:14
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.16 807288 Bytes 29.05.2012 17:58:49
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 17:11:24
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 03.06.2012 09:24:45
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 18:39:29
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 17:11:18
AEEXP.DLL : 8.1.0.44 82293 Bytes 29.05.2012 17:59:17
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 03.06.2012 09:24:39
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 17:53:17
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 17:53:25
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 17:53:43
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 17:53:21
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 17:53:24
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 17:53:42
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 17:53:28
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 17:53:40
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 17:53:17
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 17:53:18
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd9b0b1\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Donnerstag, 14. Juni 2012 12:50
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'InstallFlashPlayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroBroker.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Photoshop.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_3_300_257_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GarminLifetime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebcamDell.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DataSafeOnline.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Toaster.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DSUpd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'STSERVICE.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\***\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\n'
C:\Users\***\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\n
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55816bc8.qua' verschoben!
Ende des Suchlaufs: Donnerstag, 14. Juni 2012 12:51
Benötigte Zeit: 00:59 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
39 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
38 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Danke Ilka |
|
20.06.2012, 10:07
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FICode:
ATTFilter "ESET Online Scanner" = ESET Online Scanner v3
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
20.06.2012, 13:18
| #5 |
| | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Hallo Arne, das vom Freitag finde ich nicht mehr, ich scanne jetzt nochmal. Code:
ATTFilter C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@ Win64/Sirefef.AI trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ Win64/Sirefef.AH trojan cleaned by deleting - quarantined
|
|
20.06.2012, 15:17
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI |
|
20.06.2012, 17:52
| #7 |
| | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Hallo Arne, hier der OTL-File: Code:
ATTFilter OTL logfile created on: 20.06.2012 17:28:13 - Run 3 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Ingo Buchholz\Desktop\trojaner-board 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 46,55% Memory free 8,21 Gb Paging File | 5,83 Gb Available in Paging File | 70,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 39,42 Gb Free Space | 13,91% Space Free | Partition Type: NTFS Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS Computer Name: MEPHISTO | User Name: Ingo Buchholz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ingo Buchholz\Desktop\trojaner-board\OTL.exe PRC - [2012.06.14 12:52:26 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe PRC - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 19:53:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe PRC - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011.11.08 12:11:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.11.11 18:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe PRC - [2008.05.23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 22:28:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\592a9a12b07b624764df2eca289116d1\System.Web.Services.ni.dll MOD - [2012.06.15 22:09:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 12:19:20 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.14 12:18:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.14 12:18:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.14 12:18:22 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.14 12:18:19 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.06.14 11:59:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 11:58:42 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.14 11:57:50 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.06.03 13:03:51 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.06.03 12:04:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.06.03 11:23:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.06.03 11:22:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll MOD - [2012.06.03 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.06.03 11:21:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.06.03 11:20:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.06.03 11:20:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.05.29 20:32:50 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.29 20:28:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll MOD - [2012.05.29 20:28:13 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.29 20:22:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.29 20:22:21 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll MOD - [2012.05.29 20:22:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.29 20:22:02 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.29 20:21:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe MOD - [2012.01.06 20:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.04.09 23:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009.03.29 21:40:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.29 21:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.03.19 18:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV) SRV:64bit: - [2009.03.19 18:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008.12.21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2008.11.26 23:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2012.06.14 12:52:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.06 20:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 19:53:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:53:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss) DRV:64bit: - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HssDrv.sys -- (HssDrv) DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.05.15 20:50:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.06 18:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid) DRV:64bit: - [2009.04.10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2009.04.10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2009.03.19 18:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd) DRV:64bit: - [2008.12.21 20:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY) DRV:64bit: - [2008.12.16 18:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX) DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2008.11.25 16:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2008.10.28 17:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2008.10.07 19:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2008.09.15 19:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2008.09.15 19:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2008.09.15 19:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2008.02.25 10:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R) DRV:64bit: - [2007.11.14 10:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr) DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.berlin.de/ IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes,DefaultScope = {8A98EB80-7689-498B-B39E-4BE93D32F3AB} IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{8A98EB80-7689-498B-B39E-4BE93D32F3AB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.0) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06AA57A-B93B-4C3C-8287-D83B1100F386}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = ·Ë O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: BFE - Service SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {50F7C24B-06C3-4DDB-BD23-2BBEC900379A} - Internet Explorer ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.20 11:57:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2012.06.20 11:40:57 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Desktop\trojaner-board [2012.06.15 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.15 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\AppData\Roaming\Malwarebytes [2012.06.15 19:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.15 19:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.15 19:35:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.15 19:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Desktop\20120613dawanda [2012.06.11 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Documents\Beihilfe [2012.06.03 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Documents\Gebrauchsanweisungen Babysitter ========== Files - Modified Within 30 Days ========== [2012.06.20 17:28:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.20 17:28:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.20 17:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.20 17:21:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.20 11:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.06.20 10:21:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.20 09:35:51 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.20 09:35:51 | 000,632,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.20 09:35:51 | 000,598,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.20 09:35:51 | 000,127,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.20 09:35:51 | 000,104,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.20 09:28:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.20 09:28:43 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys [2012.06.18 15:49:27 | 000,000,188 | ---- | M] () -- C:\Users\Ingo Buchholz\defogger_reenable [2012.06.15 22:03:00 | 000,405,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.14 13:04:01 | 000,000,732 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Local\d3d9caps64.dat [2012.06.13 11:55:33 | 000,144,896 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.12 12:22:58 | 000,011,523 | ---- | M] () -- C:\Users\Ingo Buchholz\100.jpg [2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ========== Files Created - No Company Name ========== [2012.06.20 13:33:01 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ [2012.06.20 13:33:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@ [2012.06.20 13:32:59 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@ [2012.06.18 15:49:27 | 000,000,188 | ---- | C] () -- C:\Users\Ingo Buchholz\defogger_reenable [2012.06.12 12:23:12 | 000,011,523 | ---- | C] () -- C:\Users\Ingo Buchholz\100.jpg [2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@ [2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@ [2011.12.13 17:53:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.12.13 17:53:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.12.13 17:53:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.12.13 17:53:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.12.13 17:53:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.12.13 17:53:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.12.13 17:53:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.12.13 17:53:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.12.13 17:53:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.12.13 17:53:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.12.13 17:53:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.12.13 17:53:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.12.13 17:53:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.12.13 17:53:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.12.13 17:53:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.12.13 17:51:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini [2011.12.08 17:55:07 | 000,000,732 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\d3d9caps64.dat [2011.11.13 10:43:16 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.11.13 10:43:16 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.11.13 10:43:15 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe [2011.11.13 10:43:15 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.11.13 10:43:12 | 000,693,765 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.exe [2011.11.13 10:43:12 | 000,007,900 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.dat [2011.11.02 19:48:53 | 000,000,000 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\{29BC51ED-79B0-47D1-B13C-F2FA9DD19CFE} [2011.05.29 10:53:14 | 000,038,443 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\concept design [2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DAEMON Tools Lite [2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\EPSON [2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\FileZilla [2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\GARMIN [2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\MyPhoneExplorer [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia Ovi Suite [2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PC Suite [2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr [2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung [2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Template [2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Thunderbird [2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.06.18 21:58:21 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.20 11:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.15 13:49:27 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Adobe [2011.12.30 20:20:21 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Apple Computer [2009.08.27 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\ATI [2011.10.23 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Avira [2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\concept design [2009.09.22 23:13:30 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Creative [2010.05.20 06:33:05 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\CyberLink [2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DAEMON Tools Lite [2011.05.26 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Dell [2010.05.20 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DivX [2012.01.17 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\dvdcss [2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\EPSON [2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\FileZilla [2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\GARMIN [2009.08.27 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Identities [2011.12.13 17:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\InstallShield [2009.09.21 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Macromedia [2012.06.15 19:35:29 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Media Center Programs [2010.06.26 17:24:27 | 000,000,000 | --SD | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft [2009.10.11 17:00:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Mozilla [2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\MyPhoneExplorer [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia Ovi Suite [2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PC Suite [2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr [2009.10.11 22:39:57 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Roxio [2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung [2012.06.20 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Skype [2011.11.07 20:21:34 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\skypePM [2009.10.11 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Talkback [2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Template [2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Thunderbird [2012.03.30 19:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2010.02.13 23:59:46 | 008,653,312 | ---- | M] (Dell, Inc. ) -- C:\Users\Ingo Buchholz\AppData\Roaming\DataSafeDotNet.exe [2011.11.13 10:42:28 | 000,693,765 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.exe [2011.05.26 21:59:35 | 054,781,576 | ---- | M] (Dell Inc) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5830_10_64_01.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\2a5e80c9-67eb-418f-a720-b36df0d47aca\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\42b6e642-85a1-49e1-bf3a-5b4fb741040d\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\44ecb15f-9d0a-45b3-9d7f-f1318d97fe07\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\49a13dfb-8a79-47be-8c41-b3c4b92c4cdd\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\814e6ed2-9606-4518-8dbe-605edb7cbc35\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\840bf6ca-ed55-4a57-ab42-8daeed010db3\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\8800af62-10de-41ca-b6c7-5d0e1689cee4\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\964d4a99-1185-4863-8401-41999c71990d\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\b93d6cab-5887-424c-bf66-71f5bd3e369d\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\d220d1f9-8229-4577-9906-b875ad739b6d\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\f253dfb5-7845-47f7-a8d7-e8ccf0d0e944\DellSignedAppUpdaterRules\AddCertificate.exe [2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\f953c0a2-d065-4574-8fd1-c3c9b1dc51c4\DellSignedAppUpdaterRules\AddCertificate.exe [2011.09.29 09:19:14 | 000,929,680 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2011.09.29 09:19:18 | 000,278,928 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2011.09.16 04:58:14 | 000,285,696 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2011.09.29 09:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2011.09.16 04:56:02 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe [2011.09.16 04:56:02 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2011.09.16 04:56:04 | 000,666,624 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2011.09.29 09:19:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2011.09.16 04:55:38 | 000,106,408 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2011.09.16 04:55:38 | 000,101,288 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2011.09.29 09:19:24 | 000,131,984 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2011.09.29 09:19:26 | 000,020,880 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2011.09.29 09:19:28 | 004,662,392 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.09.16 04:54:38 | 024,111,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2011.09.29 09:19:30 | 000,364,432 | ---- | M] (ml) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2011.11.08 12:11:58 | 000,392,080 | ---- | M] (ml) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys [2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys [2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys [2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll [2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll [2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > Ilka |
|
21.06.2012, 09:17
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = ·Ë
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2012, 11:17
| #9 |
| | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Hallo und guten Morgen Arne, gerade habe ich versucht den OTL-Fix zu machen, als mittendrin plötzlich ein Windows-Fenster aufging und die Meldung kam: Es ist ein schwerwiegender Fehler aufgetreten, bitte sichern Sie Ihre Dateien, Windows wird in Kürze heruntergefahren (- oder so ähnlich). Dann kam von OTL die Fehlermeldung, dass dieses nicht mehr funktioniere und der Computer fuhr herunter... Ich werde den scan jetzt ein 2. Mal starten und hoffe, dass das diesmal klappt. Beste Grüße und bis später Ilka Okay, das ging jetzt schneller als erwartet. Beim Wideröffnen von OTL hat es nur ganz kurz gescannt, dann einen Neustart gemacht und mir das folgende Log-File ausgeworfen: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX300F Series not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX300F Series (Kopie 1) not found.
File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{283ef8a8-9d5d-11de-9546-002219f779e2}\ not found.
File F:\.\MigWiz\migsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bd949b1-933a-11de-abd8-002219f779e2}\ not found.
File F:\.\dae_player.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File ·Ë not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File C:\RECYCLER\INFO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File C:\RECYCLER\INFO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
File\Folder C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 312622 bytes
->Temporary Internet Files folder emptied: 4672983 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 725 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 179462451 bytes
Total Files Cleaned = 176,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.49.0 log created on 06212012_121806
Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
21.06.2012, 14:06
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2012, 15:01
| #11 |
| | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Hier das Logfile des TDSS-Killers: Code:
ATTFilter 15:48:34.0082 4048 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:48:35.0174 4048 ============================================================
15:48:35.0174 4048 Current date / time: 2012/06/21 15:48:35.0174
15:48:35.0174 4048 SystemInfo:
15:48:35.0174 4048
15:48:35.0174 4048 OS Version: 6.0.6002 ServicePack: 2.0
15:48:35.0174 4048 Product type: Workstation
15:48:35.0174 4048 ComputerName: MEPHISTO
15:48:35.0174 4048 UserName: ***
15:48:35.0174 4048 Windows directory: C:\Windows
15:48:35.0174 4048 System windows directory: C:\Windows
15:48:35.0174 4048 Running under WOW64
15:48:35.0174 4048 Processor architecture: Intel x64
15:48:35.0174 4048 Number of processors: 2
15:48:35.0174 4048 Page size: 0x1000
15:48:35.0174 4048 Boot type: Normal boot
15:48:35.0174 4048 ============================================================
15:48:36.0656 4048 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:48:36.0671 4048 ============================================================
15:48:36.0671 4048 \Device\Harddisk0\DR0:
15:48:36.0671 4048 MBR partitions:
15:48:36.0671 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
15:48:36.0671 4048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
15:48:36.0671 4048 ============================================================
15:48:36.0702 4048 C: <-> \Device\Harddisk0\DR0\Partition1
15:48:36.0718 4048 D: <-> \Device\Harddisk0\DR0\Partition0
15:48:36.0718 4048 ============================================================
15:48:36.0718 4048 Initialize success
15:48:36.0718 4048 ============================================================
15:51:29.0385 3788 ============================================================
15:51:29.0385 3788 Scan started
15:51:29.0385 3788 Mode: Manual; SigCheck; TDLFS;
15:51:29.0385 3788 ============================================================
15:51:30.0399 3788 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:51:30.0586 3788 ACPI - ok
15:51:30.0664 3788 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:51:30.0711 3788 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:51:30.0711 3788 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:51:30.0898 3788 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:51:30.0914 3788 AdobeFlashPlayerUpdateSvc - ok
15:51:30.0992 3788 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:51:31.0039 3788 adp94xx - ok
15:51:31.0101 3788 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:51:31.0148 3788 adpahci - ok
15:51:31.0195 3788 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:51:31.0226 3788 adpu160m - ok
15:51:31.0257 3788 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:51:31.0288 3788 adpu320 - ok
15:51:31.0351 3788 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:51:31.0522 3788 AeLookupSvc - ok
15:51:31.0632 3788 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
15:51:31.0710 3788 AESTFilters - ok
15:51:31.0788 3788 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
15:51:31.0897 3788 AFD - ok
15:51:31.0944 3788 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:51:31.0959 3788 agp440 - ok
15:51:32.0006 3788 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:51:32.0037 3788 aic78xx - ok
15:51:32.0068 3788 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:51:32.0224 3788 ALG - ok
15:51:32.0240 3788 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
15:51:32.0271 3788 aliide - ok
15:51:32.0287 3788 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:51:32.0302 3788 amdide - ok
15:51:32.0318 3788 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:51:32.0396 3788 AmdK8 - ok
15:51:32.0443 3788 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
15:51:32.0490 3788 androidusb - ok
15:51:32.0661 3788 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:51:32.0677 3788 AntiVirSchedulerService - ok
15:51:32.0708 3788 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:51:32.0724 3788 AntiVirService - ok
15:51:32.0786 3788 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:51:32.0817 3788 Appinfo - ok
15:51:32.0833 3788 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:51:32.0848 3788 arc - ok
15:51:32.0880 3788 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:51:32.0895 3788 arcsas - ok
15:51:32.0926 3788 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:51:33.0004 3788 AsyncMac - ok
15:51:33.0036 3788 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:51:33.0051 3788 atapi - ok
15:51:33.0192 3788 Ati External Event Utility (00dace1d9a0da60215022c6b1fac1673) C:\Windows\system32\Ati2evxx.exe
15:51:33.0394 3788 Ati External Event Utility - ok
15:51:33.0909 3788 atikmdag (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
15:51:34.0143 3788 atikmdag - ok
15:51:34.0346 3788 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:51:34.0486 3788 AudioEndpointBuilder - ok
15:51:34.0502 3788 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:51:34.0549 3788 AudioSrv - ok
15:51:34.0705 3788 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:51:34.0720 3788 avgntflt - ok
15:51:34.0767 3788 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:51:34.0783 3788 avipbb - ok
15:51:34.0814 3788 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:51:34.0830 3788 avkmgr - ok
15:51:34.0970 3788 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:51:35.0001 3788 BBSvc - ok
15:51:35.0048 3788 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:51:35.0079 3788 BBUpdate - ok
15:51:35.0126 3788 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
15:51:35.0142 3788 BCM42RLY - ok
15:51:35.0344 3788 BCM43XX (912012b708a7d8e8ce2ee55afb663dff) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:51:35.0485 3788 BCM43XX - ok
15:51:35.0797 3788 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
15:51:35.0953 3788 BITS - ok
15:51:36.0140 3788 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:51:36.0234 3788 blbdrive - ok
15:51:36.0265 3788 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:51:36.0312 3788 bowser - ok
15:51:36.0343 3788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:51:36.0390 3788 BrFiltLo - ok
15:51:36.0405 3788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:51:36.0452 3788 BrFiltUp - ok
15:51:36.0499 3788 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:51:36.0577 3788 Browser - ok
15:51:36.0608 3788 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:51:36.0811 3788 Brserid - ok
15:51:36.0826 3788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:51:36.0920 3788 BrSerWdm - ok
15:51:36.0936 3788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:51:37.0029 3788 BrUsbMdm - ok
15:51:37.0076 3788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:51:37.0170 3788 BrUsbSer - ok
15:51:37.0216 3788 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:51:37.0310 3788 BTHMODEM - ok
15:51:37.0341 3788 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:51:37.0435 3788 cdfs - ok
15:51:37.0466 3788 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:51:37.0528 3788 cdrom - ok
15:51:37.0575 3788 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:51:37.0622 3788 CertPropSvc - ok
15:51:37.0638 3788 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:51:37.0716 3788 circlass - ok
15:51:37.0778 3788 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:51:37.0809 3788 CLFS - ok
15:51:37.0918 3788 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:51:37.0950 3788 clr_optimization_v2.0.50727_32 - ok
15:51:37.0996 3788 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:51:38.0012 3788 clr_optimization_v2.0.50727_64 - ok
15:51:38.0121 3788 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:51:38.0137 3788 clr_optimization_v4.0.30319_32 - ok
15:51:38.0199 3788 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:51:38.0215 3788 clr_optimization_v4.0.30319_64 - ok
15:51:38.0262 3788 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
15:51:38.0340 3788 CmBatt - ok
15:51:38.0371 3788 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:51:38.0386 3788 cmdide - ok
15:51:38.0418 3788 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
15:51:38.0433 3788 Compbatt - ok
15:51:38.0449 3788 COMSysApp - ok
15:51:38.0449 3788 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:51:38.0480 3788 crcdisk - ok
15:51:38.0542 3788 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
15:51:38.0574 3788 CryptSvc - ok
15:51:38.0636 3788 CtClsFlt (11f13042577705093612c6a123caf12f) C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:51:38.0683 3788 CtClsFlt - ok
15:51:38.0808 3788 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:51:38.0886 3788 DcomLaunch - ok
15:51:38.0917 3788 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:51:38.0964 3788 DfsC - ok
15:51:39.0307 3788 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:51:39.0478 3788 DFSR - ok
15:51:40.0024 3788 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:51:40.0087 3788 Dhcp - ok
15:51:40.0180 3788 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:51:40.0212 3788 disk - ok
15:51:40.0274 3788 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:51:40.0305 3788 Dnscache - ok
15:51:40.0446 3788 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
15:51:40.0477 3788 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
15:51:40.0477 3788 DockLoginService - detected UnsignedFile.Multi.Generic (1)
15:51:40.0524 3788 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:51:40.0586 3788 dot3svc - ok
15:51:40.0617 3788 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:51:40.0680 3788 DPS - ok
15:51:40.0726 3788 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:51:40.0789 3788 drmkaud - ok
15:51:40.0898 3788 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:51:40.0992 3788 DXGKrnl - ok
15:51:41.0101 3788 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
15:51:41.0210 3788 e1express - ok
15:51:41.0241 3788 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:51:41.0319 3788 E1G60 - ok
15:51:41.0350 3788 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:51:41.0428 3788 EapHost - ok
15:51:41.0491 3788 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:51:41.0522 3788 Ecache - ok
15:51:41.0616 3788 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:51:41.0647 3788 ehRecvr - ok
15:51:41.0694 3788 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:51:41.0725 3788 ehSched - ok
15:51:41.0740 3788 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:51:41.0772 3788 ehstart - ok
15:51:41.0818 3788 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:51:41.0865 3788 elxstor - ok
15:51:41.0959 3788 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:51:42.0099 3788 EMDMgmt - ok
15:51:42.0130 3788 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
15:51:42.0162 3788 ErrDev - ok
15:51:42.0224 3788 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:51:42.0349 3788 EventSystem - ok
15:51:42.0364 3788 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:51:42.0427 3788 exfat - ok
15:51:42.0458 3788 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:51:42.0520 3788 fastfat - ok
15:51:42.0552 3788 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:51:42.0598 3788 fdc - ok
15:51:42.0630 3788 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:51:42.0692 3788 fdPHost - ok
15:51:42.0708 3788 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:51:42.0801 3788 FDResPub - ok
15:51:42.0879 3788 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:51:42.0895 3788 FileInfo - ok
15:51:42.0910 3788 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:51:42.0973 3788 Filetrace - ok
15:51:42.0988 3788 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:51:43.0035 3788 flpydisk - ok
15:51:43.0098 3788 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:51:43.0129 3788 FltMgr - ok
15:51:43.0285 3788 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
15:51:43.0394 3788 FontCache - ok
15:51:43.0550 3788 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:51:43.0566 3788 FontCache3.0.0.0 - ok
15:51:43.0659 3788 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
15:51:43.0737 3788 Fs_Rec - ok
15:51:43.0768 3788 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:51:43.0784 3788 gagp30kx - ok
15:51:43.0893 3788 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:51:43.0987 3788 gpsvc - ok
15:51:44.0158 3788 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:51:44.0190 3788 gupdate - ok
15:51:44.0205 3788 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:51:44.0221 3788 gupdatem - ok
15:51:44.0283 3788 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
15:51:44.0330 3788 HdAudAddService - ok
15:51:44.0455 3788 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:51:44.0689 3788 HDAudBus - ok
15:51:44.0736 3788 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:51:44.0860 3788 HidBth - ok
15:51:44.0892 3788 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:51:45.0016 3788 HidIr - ok
15:51:45.0048 3788 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
15:51:45.0110 3788 hidserv - ok
15:51:45.0141 3788 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:51:45.0188 3788 HidUsb - ok
15:51:45.0219 3788 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:51:45.0282 3788 hkmsvc - ok
15:51:45.0313 3788 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:51:45.0328 3788 HpCISSs - ok
15:51:45.0484 3788 hshld (44452f7a09d00573dc6e714874257cc9) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
15:51:45.0531 3788 hshld - ok
15:51:45.0578 3788 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
15:51:45.0594 3788 HssDrv - ok
15:51:45.0703 3788 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
15:51:45.0734 3788 HssSrv - ok
15:51:45.0781 3788 HssTrayService (6b1dc08d22231c9e508a715f07fce7fb) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
15:51:45.0796 3788 HssTrayService - ok
15:51:45.0812 3788 HssWd - ok
15:51:45.0921 3788 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:51:45.0999 3788 HTTP - ok
15:51:46.0062 3788 hwdatacard (21f59a1e203f637563c7fff5de2b2b85) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:51:46.0108 3788 hwdatacard - ok
15:51:46.0124 3788 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:51:46.0155 3788 i2omp - ok
15:51:46.0171 3788 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:51:46.0218 3788 i8042prt - ok
15:51:46.0296 3788 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:51:46.0342 3788 iaStorV - ok
15:51:46.0452 3788 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:51:46.0452 3788 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:51:46.0452 3788 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:51:46.0779 3788 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:51:46.0904 3788 idsvc - ok
15:51:46.0982 3788 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:51:46.0998 3788 iirsp - ok
15:51:47.0076 3788 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:51:47.0200 3788 IKEEXT - ok
15:51:47.0263 3788 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:51:47.0294 3788 intelide - ok
15:51:47.0310 3788 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:51:47.0388 3788 intelppm - ok
15:51:47.0450 3788 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:51:47.0544 3788 IPBusEnum - ok
15:51:47.0637 3788 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:51:47.0715 3788 IpFilterDriver - ok
15:51:47.0715 3788 IpInIp - ok
15:51:47.0746 3788 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:51:47.0871 3788 IPMIDRV - ok
15:51:47.0887 3788 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:51:47.0949 3788 IPNAT - ok
15:51:47.0965 3788 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:51:48.0027 3788 IRENUM - ok
15:51:48.0074 3788 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:51:48.0090 3788 isapnp - ok
15:51:48.0152 3788 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:51:48.0183 3788 iScsiPrt - ok
15:51:48.0199 3788 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:51:48.0214 3788 iteatapi - ok
15:51:48.0246 3788 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:51:48.0277 3788 iteraid - ok
15:51:48.0324 3788 k57nd60a (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:51:48.0402 3788 k57nd60a - ok
15:51:48.0433 3788 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:51:48.0448 3788 kbdclass - ok
15:51:48.0480 3788 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:51:48.0542 3788 kbdhid - ok
15:51:48.0620 3788 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:51:48.0682 3788 KeyIso - ok
15:51:48.0807 3788 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
15:51:48.0838 3788 KSecDD - ok
15:51:48.0901 3788 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:51:48.0979 3788 ksthunk - ok
15:51:49.0057 3788 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
15:51:49.0228 3788 KtmRm - ok
15:51:49.0291 3788 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
15:51:49.0338 3788 LanmanServer - ok
15:51:49.0416 3788 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
15:51:49.0478 3788 LanmanWorkstation - ok
15:51:49.0494 3788 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:51:49.0572 3788 lltdio - ok
15:51:49.0650 3788 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
15:51:49.0728 3788 lltdsvc - ok
15:51:49.0774 3788 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
15:51:49.0868 3788 lmhosts - ok
15:51:49.0946 3788 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:51:50.0071 3788 LSI_FC - ok
15:51:50.0118 3788 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:51:50.0149 3788 LSI_SAS - ok
15:51:50.0164 3788 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:51:50.0227 3788 LSI_SCSI - ok
15:51:50.0258 3788 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:51:50.0367 3788 luafv - ok
15:51:50.0414 3788 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:51:50.0430 3788 MBAMProtector - ok
15:51:50.0539 3788 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:51:50.0586 3788 MBAMService - ok
15:51:50.0648 3788 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:51:50.0679 3788 Mcx2Svc - ok
15:51:50.0804 3788 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:51:50.0835 3788 MDM ( UnsignedFile.Multi.Generic ) - warning
15:51:50.0835 3788 MDM - detected UnsignedFile.Multi.Generic (1)
15:51:50.0882 3788 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:51:50.0898 3788 megasas - ok
15:51:51.0007 3788 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:51:51.0054 3788 MegaSR - ok
15:51:51.0132 3788 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:51:51.0147 3788 Microsoft Office Groove Audit Service - ok
15:51:51.0163 3788 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:51:51.0256 3788 MMCSS - ok
15:51:51.0303 3788 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:51:51.0381 3788 Modem - ok
15:51:51.0412 3788 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:51:51.0475 3788 monitor - ok
15:51:51.0522 3788 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:51:51.0553 3788 mouclass - ok
15:51:51.0584 3788 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:51:51.0662 3788 mouhid - ok
15:51:51.0678 3788 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:51:51.0709 3788 MountMgr - ok
15:51:51.0740 3788 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:51:51.0771 3788 mpio - ok
15:51:51.0818 3788 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:51:51.0865 3788 mpsdrv - ok
15:51:51.0896 3788 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:51:51.0912 3788 Mraid35x - ok
15:51:51.0958 3788 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:51:52.0021 3788 MRxDAV - ok
15:51:52.0083 3788 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:52.0130 3788 mrxsmb - ok
15:51:52.0224 3788 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:52.0333 3788 mrxsmb10 - ok
15:51:52.0348 3788 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:52.0411 3788 mrxsmb20 - ok
15:51:52.0426 3788 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
15:51:52.0458 3788 msahci - ok
15:51:52.0473 3788 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:51:52.0504 3788 msdsm - ok
15:51:52.0536 3788 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:51:52.0598 3788 MSDTC - ok
15:51:52.0723 3788 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:51:52.0785 3788 Msfs - ok
15:51:52.0816 3788 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:51:52.0832 3788 msisadrv - ok
15:51:52.0926 3788 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:51:53.0004 3788 MSiSCSI - ok
15:51:53.0004 3788 msiserver - ok
15:51:53.0035 3788 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:51:53.0113 3788 MSKSSRV - ok
15:51:53.0113 3788 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:53.0206 3788 MSPCLOCK - ok
15:51:53.0222 3788 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:51:53.0284 3788 MSPQM - ok
15:51:53.0378 3788 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:51:53.0425 3788 MsRPC - ok
15:51:53.0440 3788 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:51:53.0472 3788 mssmbios - ok
15:51:53.0487 3788 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:51:53.0565 3788 MSTEE - ok
15:51:53.0596 3788 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:51:53.0628 3788 Mup - ok
15:51:53.0706 3788 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:51:53.0815 3788 napagent - ok
15:51:53.0908 3788 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:51:53.0986 3788 NativeWifiP - ok
15:51:54.0142 3788 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:51:54.0236 3788 NDIS - ok
15:51:54.0283 3788 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:54.0330 3788 NdisTapi - ok
15:51:54.0345 3788 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:54.0408 3788 Ndisuio - ok
15:51:54.0470 3788 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:54.0532 3788 NdisWan - ok
15:51:54.0564 3788 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:51:54.0626 3788 NDProxy - ok
15:51:54.0673 3788 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:51:54.0766 3788 NetBIOS - ok
15:51:54.0829 3788 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:51:54.0891 3788 netbt - ok
15:51:54.0922 3788 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:51:54.0954 3788 Netlogon - ok
15:51:55.0047 3788 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:51:55.0156 3788 Netman - ok
15:51:55.0203 3788 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:51:55.0297 3788 netprofm - ok
15:51:55.0422 3788 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:51:55.0468 3788 NetTcpPortSharing - ok
15:51:55.0500 3788 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:51:55.0531 3788 nfrd960 - ok
15:51:55.0593 3788 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:51:55.0671 3788 NlaSvc - ok
15:51:55.0687 3788 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:51:55.0749 3788 Npfs - ok
15:51:55.0812 3788 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:51:55.0890 3788 nsi - ok
15:51:56.0092 3788 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:51:56.0155 3788 nsiproxy - ok
15:51:56.0373 3788 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:51:56.0576 3788 Ntfs - ok
15:51:57.0262 3788 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:51:57.0325 3788 Null - ok
15:51:57.0450 3788 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:51:57.0481 3788 nvraid - ok
15:51:57.0559 3788 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:51:57.0574 3788 nvstor - ok
15:51:57.0606 3788 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:51:57.0637 3788 nv_agp - ok
15:51:57.0637 3788 NwlnkFlt - ok
15:51:57.0652 3788 NwlnkFwd - ok
15:51:57.0730 3788 OA008Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
15:51:57.0777 3788 OA008Ufd - ok
15:51:57.0886 3788 OA008Vid (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
15:51:57.0933 3788 OA008Vid - ok
15:51:58.0167 3788 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:51:58.0230 3788 odserv - ok
15:51:58.0308 3788 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:51:58.0354 3788 ohci1394 - ok
15:51:58.0401 3788 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:58.0417 3788 ose - ok
15:51:58.0604 3788 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:51:58.0713 3788 p2pimsvc - ok
15:51:58.0729 3788 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:51:58.0776 3788 p2psvc - ok
15:51:58.0854 3788 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:51:59.0010 3788 Parport - ok
15:51:59.0150 3788 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
15:51:59.0166 3788 partmgr - ok
15:51:59.0275 3788 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:51:59.0306 3788 PcaSvc - ok
15:51:59.0337 3788 pccsmcfd - ok
15:51:59.0337 3788 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
15:51:59.0524 3788 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
15:51:59.0556 3788 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
15:51:59.0680 3788 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:51:59.0712 3788 pci - ok
15:51:59.0774 3788 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:51:59.0805 3788 pciide - ok
15:51:59.0821 3788 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:51:59.0852 3788 pcmcia - ok
15:51:59.0977 3788 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:52:00.0133 3788 PEAUTH - ok
15:52:00.0289 3788 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:52:00.0351 3788 PerfHost - ok
15:52:00.0554 3788 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:52:00.0788 3788 pla - ok
15:52:00.0882 3788 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:52:00.0944 3788 PlugPlay - ok
15:52:01.0116 3788 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:52:01.0209 3788 PNRPAutoReg - ok
15:52:01.0240 3788 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:52:01.0318 3788 PNRPsvc - ok
15:52:01.0443 3788 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:52:01.0584 3788 PolicyAgent - ok
15:52:01.0708 3788 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:01.0771 3788 PptpMiniport - ok
15:52:01.0833 3788 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:52:01.0896 3788 Processor - ok
15:52:01.0942 3788 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:52:02.0036 3788 ProfSvc - ok
15:52:02.0114 3788 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:52:02.0130 3788 ProtectedStorage - ok
15:52:02.0176 3788 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:52:02.0223 3788 PSched - ok
15:52:02.0270 3788 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
15:52:02.0286 3788 PxHlpa64 - ok
15:52:02.0488 3788 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:52:02.0629 3788 ql2300 - ok
15:52:02.0644 3788 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:52:02.0660 3788 ql40xx - ok
15:52:02.0785 3788 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:52:02.0878 3788 QWAVE - ok
15:52:02.0941 3788 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:52:02.0956 3788 QWAVEdrv - ok
15:52:03.0471 3788 R300 (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
15:52:03.0627 3788 R300 - ok
15:52:03.0830 3788 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:03.0908 3788 RasAcd - ok
15:52:03.0970 3788 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:52:04.0048 3788 RasAuto - ok
15:52:04.0095 3788 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:04.0158 3788 Rasl2tp - ok
15:52:04.0220 3788 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:52:04.0314 3788 RasMan - ok
15:52:04.0438 3788 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:04.0548 3788 RasPppoe - ok
15:52:04.0563 3788 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:04.0594 3788 RasSstp - ok
15:52:04.0641 3788 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:04.0735 3788 rdbss - ok
15:52:04.0750 3788 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:04.0813 3788 RDPCDD - ok
15:52:04.0875 3788 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:52:04.0969 3788 rdpdr - ok
15:52:04.0969 3788 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:52:05.0031 3788 RDPENCDD - ok
15:52:05.0109 3788 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
15:52:05.0218 3788 RDPWD - ok
15:52:05.0250 3788 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:52:05.0359 3788 RemoteAccess - ok
15:52:05.0437 3788 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:52:05.0546 3788 RemoteRegistry - ok
15:52:05.0749 3788 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
15:52:05.0780 3788 RichVideo - ok
15:52:05.0827 3788 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:52:05.0858 3788 rimmptsk - ok
15:52:05.0920 3788 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:52:05.0952 3788 rimsptsk - ok
15:52:05.0998 3788 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:52:06.0030 3788 rismxdp - ok
15:52:06.0045 3788 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:52:06.0076 3788 RpcLocator - ok
15:52:06.0186 3788 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:52:06.0248 3788 RpcSs - ok
15:52:06.0295 3788 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:06.0357 3788 rspndr - ok
15:52:06.0404 3788 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:52:06.0435 3788 SamSs - ok
15:52:06.0498 3788 sbp2port (8c8862dc7417d89b375492c981c491f7) C:\Windows\system32\DRIVERS\sbp2port.sys
15:52:06.0529 3788 sbp2port - ok
15:52:06.0591 3788 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:52:06.0669 3788 SCardSvr - ok
15:52:06.0810 3788 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:52:06.0981 3788 Schedule - ok
15:52:07.0059 3788 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:52:07.0106 3788 SCPolicySvc - ok
15:52:07.0168 3788 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
15:52:07.0278 3788 sdbus - ok
15:52:07.0324 3788 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:52:07.0402 3788 SDRSVC - ok
15:52:07.0418 3788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:07.0527 3788 secdrv - ok
15:52:07.0558 3788 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:52:07.0683 3788 seclogon - ok
15:52:07.0730 3788 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
15:52:07.0839 3788 SENS - ok
15:52:07.0902 3788 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:52:07.0995 3788 Serenum - ok
15:52:08.0042 3788 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:52:08.0198 3788 Serial - ok
15:52:08.0214 3788 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:52:08.0307 3788 sermouse - ok
15:52:08.0370 3788 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:52:08.0432 3788 SessionEnv - ok
15:52:08.0494 3788 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
15:52:08.0526 3788 sffdisk - ok
15:52:08.0557 3788 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:08.0619 3788 sffp_mmc - ok
15:52:08.0650 3788 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:52:08.0713 3788 sffp_sd - ok
15:52:08.0775 3788 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:52:08.0869 3788 sfloppy - ok
15:52:09.0134 3788 SftService (38f88f0df46c4d42125ef721abd7f6b9) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:52:09.0165 3788 SftService - ok
15:52:09.0243 3788 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:52:09.0274 3788 ShellHWDetection - ok
15:52:09.0321 3788 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:52:09.0337 3788 SiSRaid2 - ok
15:52:09.0384 3788 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:52:09.0415 3788 SiSRaid4 - ok
15:52:09.0742 3788 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:52:09.0976 3788 slsvc - ok
15:52:10.0226 3788 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:52:10.0257 3788 SLUINotify - ok
15:52:10.0382 3788 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:52:10.0460 3788 Smb - ok
15:52:10.0538 3788 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:52:10.0569 3788 SNMPTRAP - ok
15:52:10.0647 3788 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:52:10.0663 3788 spldr - ok
15:52:10.0741 3788 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:52:10.0803 3788 Spooler - ok
15:52:10.0944 3788 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
15:52:11.0053 3788 sptd - ok
15:52:11.0131 3788 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:52:11.0209 3788 srv - ok
15:52:11.0271 3788 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:52:11.0349 3788 srv2 - ok
15:52:11.0365 3788 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:11.0396 3788 srvnet - ok
15:52:11.0427 3788 ssadbus (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
15:52:11.0490 3788 ssadbus - ok
15:52:11.0505 3788 ssadmdfl (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:52:11.0536 3788 ssadmdfl - ok
15:52:11.0568 3788 ssadmdm (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:52:11.0599 3788 ssadmdm - ok
15:52:11.0630 3788 ssadserd (5eb7da2f72b90c8398df9d7a82e43fcb) C:\Windows\system32\DRIVERS\ssadserd.sys
15:52:11.0677 3788 ssadserd - ok
15:52:11.0755 3788 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:52:11.0786 3788 sscdbus - ok
15:52:11.0817 3788 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:52:11.0833 3788 sscdmdfl - ok
15:52:11.0880 3788 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:52:11.0895 3788 sscdmdm - ok
15:52:11.0989 3788 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:52:12.0051 3788 SSDPSRV - ok
15:52:12.0114 3788 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:52:12.0176 3788 SstpSvc - ok
15:52:12.0332 3788 STacSV (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
15:52:12.0379 3788 STacSV - ok
15:52:12.0488 3788 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
15:52:12.0597 3788 STHDA - ok
15:52:12.0691 3788 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:52:12.0831 3788 stisvc - ok
15:52:12.0940 3788 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:52:12.0956 3788 stllssvr - ok
15:52:13.0003 3788 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:52:13.0018 3788 swenum - ok
15:52:13.0112 3788 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:52:13.0174 3788 swprv - ok
15:52:13.0315 3788 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:52:13.0346 3788 Symc8xx - ok
15:52:13.0393 3788 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:52:13.0424 3788 Sym_hi - ok
15:52:13.0471 3788 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:52:13.0486 3788 Sym_u3 - ok
15:52:13.0580 3788 SynTP (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
15:52:13.0611 3788 SynTP - ok
15:52:13.0736 3788 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:52:13.0939 3788 SysMain - ok
15:52:13.0986 3788 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:52:14.0079 3788 TabletInputService - ok
15:52:14.0110 3788 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
15:52:14.0126 3788 taphss - ok
15:52:14.0204 3788 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:52:14.0282 3788 TapiSrv - ok
15:52:14.0329 3788 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:52:14.0391 3788 TBS - ok
15:52:14.0610 3788 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
15:52:14.0797 3788 Tcpip - ok
15:52:15.0202 3788 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:15.0327 3788 Tcpip6 - ok
15:52:15.0530 3788 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:52:15.0577 3788 tcpipreg - ok
15:52:15.0655 3788 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:52:15.0717 3788 TDPIPE - ok
15:52:15.0748 3788 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:52:15.0811 3788 TDTCP - ok
15:52:15.0873 3788 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:52:15.0967 3788 tdx - ok
15:52:16.0029 3788 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:52:16.0060 3788 TermDD - ok
15:52:16.0170 3788 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:52:16.0279 3788 TermService - ok
15:52:16.0372 3788 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:52:16.0404 3788 Themes - ok
15:52:16.0482 3788 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:52:16.0544 3788 THREADORDER - ok
15:52:16.0591 3788 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:52:16.0684 3788 TrkWks - ok
15:52:16.0731 3788 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:52:16.0778 3788 TrustedInstaller - ok
15:52:16.0809 3788 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:16.0872 3788 tssecsrv - ok
15:52:16.0950 3788 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:52:17.0028 3788 tunmp - ok
15:52:17.0074 3788 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:17.0090 3788 tunnel - ok
15:52:17.0121 3788 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:52:17.0152 3788 uagp35 - ok
15:52:17.0246 3788 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:52:17.0355 3788 udfs - ok
15:52:17.0418 3788 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:52:17.0480 3788 UI0Detect - ok
15:52:17.0527 3788 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:52:17.0542 3788 uliagpkx - ok
15:52:17.0574 3788 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:52:17.0605 3788 uliahci - ok
15:52:17.0636 3788 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:52:17.0698 3788 UlSata - ok
15:52:17.0745 3788 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:52:17.0792 3788 ulsata2 - ok
15:52:17.0823 3788 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:52:17.0886 3788 umbus - ok
15:52:17.0948 3788 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:52:18.0182 3788 upnphost - ok
15:52:18.0244 3788 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:18.0307 3788 usbccgp - ok
15:52:18.0322 3788 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:52:18.0416 3788 usbcir - ok
15:52:18.0463 3788 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:52:18.0541 3788 usbehci - ok
15:52:18.0619 3788 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:18.0744 3788 usbhub - ok
15:52:18.0759 3788 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:52:18.0853 3788 usbohci - ok
15:52:18.0900 3788 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:18.0946 3788 usbprint - ok
15:52:19.0134 3788 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:19.0196 3788 usbscan - ok
15:52:19.0258 3788 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\DRIVERS\usbser.sys
15:52:19.0305 3788 usbser - ok
15:52:19.0352 3788 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:19.0446 3788 USBSTOR - ok
15:52:19.0492 3788 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:52:19.0539 3788 usbuhci - ok
15:52:19.0617 3788 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:52:19.0664 3788 UxSms - ok
15:52:19.0836 3788 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:52:19.0898 3788 vds - ok
15:52:19.0945 3788 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:20.0085 3788 vga - ok
15:52:20.0101 3788 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:52:20.0194 3788 VgaSave - ok
15:52:20.0241 3788 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:52:20.0272 3788 viaide - ok
15:52:20.0319 3788 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:52:20.0350 3788 volmgr - ok
15:52:20.0428 3788 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:52:20.0475 3788 volmgrx - ok
15:52:20.0538 3788 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:52:20.0569 3788 volsnap - ok
15:52:20.0631 3788 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:52:20.0662 3788 vsmraid - ok
15:52:20.0881 3788 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:52:21.0068 3788 VSS - ok
15:52:21.0208 3788 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:52:21.0286 3788 W32Time - ok
15:52:21.0333 3788 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:52:21.0427 3788 WacomPen - ok
15:52:21.0474 3788 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:21.0567 3788 Wanarp - ok
15:52:21.0583 3788 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:21.0630 3788 Wanarpv6 - ok
15:52:21.0692 3788 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:52:21.0723 3788 wcncsvc - ok
15:52:21.0754 3788 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:52:21.0801 3788 WcsPlugInService - ok
15:52:21.0832 3788 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:52:21.0864 3788 Wd - ok
15:52:21.0973 3788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:22.0035 3788 Wdf01000 - ok
15:52:22.0082 3788 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:52:22.0176 3788 WdiServiceHost - ok
15:52:22.0191 3788 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:52:22.0269 3788 WdiSystemHost - ok
15:52:22.0332 3788 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:52:22.0410 3788 WebClient - ok
15:52:22.0456 3788 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:52:22.0534 3788 Wecsvc - ok
15:52:22.0550 3788 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:52:22.0597 3788 wercplsupport - ok
15:52:22.0628 3788 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:52:22.0722 3788 WerSvc - ok
15:52:22.0815 3788 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:52:22.0846 3788 WimFltr - ok
15:52:22.0846 3788 WinHttpAutoProxySvc - ok
15:52:22.0956 3788 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:52:23.0080 3788 Winmgmt - ok
15:52:23.0330 3788 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:52:23.0455 3788 WinRM - ok
15:52:23.0704 3788 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:52:23.0814 3788 Wlansvc - ok
15:52:23.0814 3788 wltrysvc - ok
15:52:23.0860 3788 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:52:23.0892 3788 WmiAcpi - ok
15:52:23.0985 3788 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:52:24.0032 3788 wmiApSrv - ok
15:52:24.0094 3788 WMPNetworkSvc - ok
15:52:24.0250 3788 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:52:24.0282 3788 WPCSvc - ok
15:52:24.0500 3788 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:52:24.0547 3788 WPDBusEnum - ok
15:52:24.0594 3788 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:52:24.0609 3788 WpdUsb - ok
15:52:24.0968 3788 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:52:25.0077 3788 WPFFontCache_v0400 - ok
15:52:25.0124 3788 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:25.0218 3788 ws2ifsl - ok
15:52:25.0218 3788 WSearch - ok
15:52:25.0561 3788 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:52:25.0810 3788 wuauserv - ok
15:52:26.0122 3788 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:26.0216 3788 WUDFRd - ok
15:52:26.0341 3788 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:52:26.0419 3788 wudfsvc - ok
15:52:26.0481 3788 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:52:28.0962 3788 \Device\Harddisk0\DR0 - ok
15:52:29.0008 3788 Boot (0x1200) (11e0a8b220cf7cc09f6c2d15f0807d57) \Device\Harddisk0\DR0\Partition0
15:52:29.0008 3788 \Device\Harddisk0\DR0\Partition0 - ok
15:52:29.0040 3788 Boot (0x1200) (7bde9048671208b939c218667ed213a4) \Device\Harddisk0\DR0\Partition1
15:52:29.0040 3788 \Device\Harddisk0\DR0\Partition1 - ok
15:52:29.0040 3788 ============================================================
15:52:29.0040 3788 Scan finished
15:52:29.0040 3788 ============================================================
15:52:29.0071 1496 Detected object count: 4
15:52:29.0071 1496 Actual detected object count: 4
15:52:47.0962 1496 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:47.0962 1496 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:47.0962 1496 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:47.0978 1496 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0978 1496 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
21.06.2012, 15:27
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.06.2012, 15:59
| #13 | |
| | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Hilfe! Habe gemacht, worum Du mich gebeten hast. Vor allem alle Virenscanner geschlossen (Echtzeitscanner deaktiviert). Dann habe ich Combofix gestartet. Das lief los und gab dann die "Achtung"-Meldung, dass Avira Desktop aktiv sei. Ich habe daraufhin Avira überprüft und auf okay geklickt. Jetzt meldet ComboFix: Zitat:
Was muss ich tun? - Mittlerweile hast Du Feierabend gemacht, darum lasse ich jetzt einfach mal den Rechner so stehen und hoffe auf morgen früh... Danke Ilka Geändert von kjkjjj1108 (21.06.2012 um 16:36 Uhr) |
|
21.06.2012, 18:49
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Wenn AntiVir deaktiviert wurde kannst du diese Meldung ignorieren und CF werkeln lassen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.06.2012, 06:16
| #15 |
| | Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI Guten morgen, ComboFix ist jetzt durchgelaufen. Hier das LogFile: Code:
ATTFilter ComboFix 12-06-21.02 - *** 21.06.2012 22:53:43.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4090.2456 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\100.jpg
c:\users\***\2011.cpr
c:\users\***\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\users\INGOBU~1\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-22 bis 2012-06-22 ))))))))))))))))))))))))))))))
.
.
2012-06-21 21:39 . 2012-06-21 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 09:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 09:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 09:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 09:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 09:55 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 09:55 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-21 09:55 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 09:55 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-21 09:55 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 09:55 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-21 09:54 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 09:54 . 2012-06-02 13:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 09:54 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 09:54 . 2012-06-02 13:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-21 09:54 . 2012-06-21 09:54 -------- d-----w- C:\_OTL
2012-06-20 09:57 . 2012-06-20 09:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-15 18:58 . 2012-06-15 18:58 -------- d-----w- c:\program files (x86)\ESET
2012-06-15 17:35 . 2012-06-15 17:35 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-06-15 17:35 . 2012-06-15 17:35 -------- d-----w- c:\programdata\Malwarebytes
2012-06-15 17:35 . 2012-06-15 17:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-15 17:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 17:06 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:06 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 17:06 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 17:06 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 17:06 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 17:06 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 17:06 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 17:06 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 09:47 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20BA1C2A-424C-4CD2-82AC-A47234EEA27D}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 10:52 . 2012-04-12 07:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 10:52 . 2011-08-14 20:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:53 . 2011-10-23 20:08 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 17:53 . 2011-10-23 20:08 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-06 17:28 . 2012-04-12 08:36 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 08:22 . 2012-05-11 18:11 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-11 18:12 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-16 11:08 . 2009-09-09 16:19 34119048 ----a-w- c:\program files\avira_antivir_personal_de.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-10 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-10 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-08 929168]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-08 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-08 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-8 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:52]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 19:55]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 19:55]
.
2012-06-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
2012-06-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.berlin.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\windows\SysWOW64\conime.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22 06:38:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-22 04:38
.
Vor Suchlauf: 21 Verzeichnis(se), 43.474.329.600 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 42.840.285.184 Bytes frei
.
- - End Of File - - CD4734BFBC3D9213ACC9BA3F5F2F09CC
|
|
| Themen zu Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI |
| 7-zip, autorun, avira, bho, bingbar, browser, call of duty, dateisystem, desktop, device driver, error, fehler, firefox, flash player, frage, google, google earth, helper, heuristiks/extra, heuristiks/shuriken, home, hotspot, hotspot shield, install.exe, internet, internet explorer, logfile, microsoft office word, mp3, nt.dll, office 2007, openvpn, plug-in, programm, registry, searchscopes, senden, software, usb, verweise, vista, warnung, windows, world at war |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
