|
Plagegeister aller Art und deren Bekämpfung: Windows Fehlermeldung beim StartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.03.2013, 08:11 | #1 |
| Windows Fehlermeldung beim Start Hallo zusammen, gerade habe ich meinen Laptop gestartet und es erschien ein blauer Bildschirm mit sehr viel Text. Unter anderem stand dort, dass ein Fehler aufgetreten ist, ich konnte aber nicht alles lesen, da gleich ein par Sekunden später eine neue Anzeige kam, bei der ich auswählen konnte, ob Windows normal gestartet werden soll oder mit Systemreperatur. Da ich nicht wusste, was das Problem ist, habe ich vorsichtshalber die Systemreperatur ausgewählt. Es dauerte dann eine Weile bis die Reperatur fertig war, danach habe ich die Diagnose durchgelesen: Es traten anscheinend zwei Fehler auf, das erste war ein unbekannter Fehlercode (habe ihn mir auch nicht aufgeschrieben, da er ziemlich lange und kompliziert war), und das zweite war der Fehlercode 0x490. Der Computer wurde dann heruntergefahren. Bei einem zweiten Anschaltversuch kam wieder der blaue Bildschirm wie beim ersten Mal, habe dann im nächsten Schritt aber "Windows normal starten" ausgewählt und jetzt klappt auch wieder alles. Allerdings habe ich nun Angst, dass vielleicht doch etwas kaputt ist oder bald kaputt sein könnte, traue mich auch gar nicht, den Laptop wieder herunterzufahren. Kann mir jemand sagen, was das Problem war? Können noch weitere Probleme auftreten? Ich habe einen Dell XPS15 mit Betriebssystem Windows 7. Er ist jetzt etwas mehr als 2 Jahre alt. Vielen Dank im Voraus und liebe Grüße Sara |
21.03.2013, 10:55 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Fehlermeldung beim Start Hallo und
__________________Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ |
21.03.2013, 17:50 | #3 |
| Windows Fehlermeldung beim StartCode:
ATTFilter OTL logfile created on: 21.03.2013 17:26:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sara\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,14% Memory free 7,48 Gb Paging File | 5,27 Gb Available in Paging File | 70,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 333,31 Gb Free Space | 73,89% Space Free | Partition Type: NTFS Computer Name: SARA-PC | User Name: Sara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sara\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Users\Sara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll () MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (stus2x64) -- C:\Windows\SysNative\drivers\stusb2ir.sys () DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2232030552724147&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2232030552724147&q={searchTerms} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {74EC942C-C77B-4096-9949-6D18B6C55427} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {74EC942C-C77B-4096-9949-6D18B6C55427} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{0FAB72D4-C4C3-42E2-8EB8-CD082777341E}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{7606506C-A72E-4E04-A35F-FDE2D9508D1D}: "URL" = hxxp://go.gmx.net/suchbox/ie_amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{8309B5CB-BC6A-4469-AB54-F6FEC7365F95}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2232030552724147&q={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{A563A16F-3330-4365-ACEC-D948FED35A25}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{F59B66D6-53F5-4065-BABB-CFAEC28B1326}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.14 09:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.05 15:57:59 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=484&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2232030552724147&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/406 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sara\appdata\local\google\chrome\application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Sara\appdata\local\google\chrome\application\24.0.1312.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sara\appdata\local\google\chrome\application\24.0.1312.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Azov Sea Theme = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edlbggommlbjkfcfpclbcffgfkmkmega\1.0.2_0\ CHR - Extension: SiteAdvisor = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: Google Mail = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20130308190735.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media Inc) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130308190736.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media Inc) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [Spotify Web Helper] C:\Users\Sara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex File not found O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngw.rz.uni-landau.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F16D9FE5-A289-411B-9092-8CBF23999496}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll () O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media Inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media Inc) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.21 17:24:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe [2013.03.21 17:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.03.21 17:16:54 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{14CA20AB-C3FC-4BB4-8DDF-692700890D44} [2013.03.20 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{A3097381-780D-4D19-820E-7E8ED45AB86B} [2013.03.19 18:47:20 | 000,000,000 | ---D | C] -- C:\Users\Sara\.thumbnails [2013.03.19 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\fontconfig [2013.03.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\gegl-0.2 [2013.03.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Users\Sara\.gimp-2.8 [2013.03.19 18:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.03.19 17:31:18 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{788A28F4-19C7-49BC-A729-5EE1943B758D} [2013.03.19 14:22:24 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{1938E1DD-0DFC-4FF2-A334-ADED4DDD3034} [2013.03.19 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.03.18 20:36:46 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{057D4799-50DC-46E3-B9C1-93454596CE49} [2013.03.18 18:18:30 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{08719F14-440F-4AD6-A7BA-8468630C9879} [2013.03.17 13:59:23 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{7AA03E13-25D5-40E6-8B0C-54D96CA770A1} [2013.03.17 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{F15061FC-2A6B-4422-8978-B36754B9D505} [2013.03.16 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.16 20:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.16 16:16:05 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{6B4DF617-F1DD-4670-8D9E-55B5C63E7AB1} [2013.03.16 15:08:02 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{0090C1B9-C41F-41A6-911E-41EC1D0A512B} [2013.03.14 21:19:50 | 000,000,000 | R--D | C] -- C:\Users\Sara\AppData\Roaming\Brother [2013.03.14 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013.03.14 14:42:30 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{784BB893-5C17-4FB9-8600-C63FE895DFAC} [2013.03.14 13:45:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 13:45:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 13:45:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 13:45:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 13:45:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 13:45:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 13:45:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 13:45:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 13:45:05 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 13:45:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 13:45:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 13:45:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 13:45:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 13:45:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 13:45:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.14 13:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 19:01:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{050791EC-17E2-4A3D-A7DF-7F01D9CBC757} [2013.03.13 18:38:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{61648433-5ACB-4BB0-86D5-B90E38B6DC48} [2013.03.13 18:17:43 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{8C5C8818-FD49-4F85-BDFA-5076C8F699BB} [2013.03.13 15:37:37 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{CBE4028F-FB27-4A89-90C4-3ABEADB45C62} [2013.03.12 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{AC4CE1CD-DC56-47FE-BB16-9CD45B7428E2} [2013.03.11 16:16:48 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{3ABDFA62-A2D3-4A4A-875A-8EAF0760ADBB} [2013.03.10 10:10:54 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{1E0C6003-ED01-4797-AB38-6ECAAA27AFD9} [2013.03.10 00:37:33 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{7618A0CA-2C69-402E-9B92-34791AB7869A} [2013.03.09 08:40:22 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{55643EAE-A480-42DD-859D-ED55CC0553E2} [2013.03.08 19:11:14 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{12A66BD9-0692-404A-B53F-3CCBFA3A43A9} [2013.03.08 06:44:07 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{908996C3-12CB-420D-A358-6C1E95076507} [2013.03.07 20:42:43 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{E159079F-6E53-45EE-8D15-815608CBBD91} [2013.03.07 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{0DD71785-51A5-48BD-9B22-4027DA52391A} [2013.03.07 18:20:57 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{489F9BB3-172D-4EC4-88BD-4D053C9C15F4} [2013.03.07 15:01:26 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 15:01:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 15:01:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 15:01:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 15:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.06 06:49:21 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{5807DA32-5E3B-4208-AAF5-A4AF16078333} [2013.03.05 18:37:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{4932D3DF-4B37-4414-9EF2-C86179C4FCF5} [2013.03.05 06:11:28 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{F5228D80-0737-4FFF-9279-C43A8E04E205} [2013.03.04 17:35:27 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{F42E5F29-22E7-4156-A287-9E3FF1B3DCBD} [2013.03.03 10:04:00 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{48C365AE-2397-47D5-9C63-9A6B46AB9544} [2013.03.03 10:01:42 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{4FC6C06A-29BB-480F-9BBA-2779CF10503E} [2013.03.02 10:23:31 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{6C2F3475-B322-4768-A760-9C709DAEE151} [2013.03.02 01:46:26 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{CB790D01-A9A1-4E72-9C73-C62206AD45C2} [2013.03.01 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{8F7FDF86-EAAE-4FE6-8ED1-3D0D160C2FD1} [2013.02.28 23:12:31 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{15ABEF76-9DCB-43E5-B7C1-F644F2014D72} [2013.02.28 18:31:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{CF7A1E32-99F7-4D92-9223-FEAB6E61F35C} [2013.02.28 10:42:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 10:42:23 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 10:42:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 10:42:23 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 10:42:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 10:42:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 10:42:15 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 10:42:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 10:42:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 10:42:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 10:42:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 10:42:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 10:42:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 10:42:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 10:42:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 10:42:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 10:42:14 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 10:42:14 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 10:42:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 10:42:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 10:42:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 10:42:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 10:42:13 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 10:42:13 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 10:42:13 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 10:42:13 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 10:42:13 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 10:42:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 10:42:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 10:42:13 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 10:42:13 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 10:42:13 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 10:42:13 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.28 10:42:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 10:42:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 10:42:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 10:42:12 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{454EC48A-657A-407B-A173-E70309299B18} [2013.02.27 15:43:17 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{39C447C8-455E-43E4-9C5F-88B4ECF22C85} [2013.02.27 06:18:58 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{7F79B42A-B562-400C-B78C-9D76A63FD641} [2013.02.26 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{528898C4-661D-4401-891B-2D7DC5D47EE0} [2013.02.25 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{917E88F1-65AE-4DA3-8488-A7C27F673ABF} [2013.02.24 23:11:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{245995BF-981C-4280-8A5D-A4627E72C82D} [2013.02.24 08:06:54 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{88FD7D03-6038-4BD3-8BB1-85B9658F876C} [2013.02.23 09:29:28 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{50F15149-695C-44ED-9055-8D01D9A48AEA} [2013.02.22 07:06:43 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{5EB0E105-CC45-43BE-9378-31A20385DADE} [2013.02.21 07:13:13 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{885B7D1C-3C1A-4E11-A8A7-C57E5039427D} [2013.02.20 07:33:50 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{E711240A-951C-455C-A8D6-71195F68A1FE} [2013.02.19 17:46:07 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{4E858B5F-E50E-427E-884A-198C0D12376C} ========== Files - Modified Within 30 Days ========== [2013.03.21 17:30:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.21 17:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe [2013.03.21 17:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.21 17:22:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 17:22:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.21 17:16:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000138055-1634324615-3746106458-1001UA.job [2013.03.21 17:14:36 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.21 17:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.21 17:14:13 | 3010,695,168 | -HS- | M] () -- C:\hiberfil.sys [2013.03.20 22:20:10 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job [2013.03.20 21:59:58 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.20 21:59:58 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.20 21:59:58 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.20 21:59:58 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.20 21:59:58 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.20 19:25:22 | 000,002,193 | ---- | M] () -- C:\Users\Sara\AppData\Local\recently-used.xbel [2013.03.20 19:16:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000138055-1634324615-3746106458-1001Core.job [2013.03.19 08:52:54 | 375,479,462 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.16 20:05:06 | 000,001,404 | ---- | M] () -- C:\Users\Sara\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.16 16:18:00 | 000,002,366 | ---- | M] () -- C:\Users\Sara\Desktop\Google Chrome.lnk [2013.03.12 20:23:36 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 20:23:36 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.07 15:01:14 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.07 15:01:14 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.07 15:01:14 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 15:01:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 15:01:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 15:01:14 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll ========== Files Created - No Company Name ========== [2013.03.20 19:25:22 | 000,002,193 | ---- | C] () -- C:\Users\Sara\AppData\Local\recently-used.xbel [2013.03.19 18:44:37 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.03.16 20:05:06 | 000,001,404 | ---- | C] () -- C:\Users\Sara\Desktop\Free YouTube to MP3 Converter.lnk [2013.02.23 18:19:16 | 375,479,462 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.09.21 19:10:48 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.18 12:33:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.04.18 12:33:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2012.02.17 14:53:47 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.09.14 09:14:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.25 20:13:34 | 000,000,046 | ---- | C] () -- C:\Users\Sara\AppData\Roaming\FactoryInstaller.xml [2011.01.01 22:22:50 | 000,012,288 | ---- | C] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 376 bytes -> C:\ProgramData\TEMP:898C038B < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.03.2013 17:26:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sara\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,14% Memory free 7,48 Gb Paging File | 5,27 Gb Available in Paging File | 70,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 333,31 Gb Free Space | 73,89% Space Free | Partition Type: NTFS Computer Name: SARA-PC | User Name: Sara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PHOTO PORST] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\PHOTO PORST.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PHOTO PORST] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\PHOTO PORST.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06D35904-D4ED-4564-BB9C-CF318E4B3243}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{16E7AC35-16B8-404E-A15D-AEA6E52EE2EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19DE51F6-520D-4A64-B57E-2B2B85E552C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{3C836DAE-02F8-40CC-8D1F-765D33D8C897}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{5F3A4BC8-B948-4E33-82B5-3295AC8A5E3E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{7D128F5F-D454-4C8A-B35A-78A07AFDA2EF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{8C273FDC-AFF6-44E3-BC1A-BA2F0EBDEEBD}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{ACFB9A1B-6D83-462F-8640-69F9AA008988}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E28190FE-E956-4C4F-B194-8C8D82980171}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02BBE23B-AA65-4362-A85A-C6E8D8D290E9}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{03D461B0-F561-43CC-86AA-296A45181052}" = protocol=6 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\updater\tacxupdate.exe | "{0AE65EF5-1EE2-41EF-9004-16F7C8DFE96E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{14E11E0D-B8A6-45F1-8549-9327A03F4696}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{1C8829C5-656D-42AF-AC0A-D28A51B9E1B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2266FC5C-2A1F-42AE-A84B-AFF3F8CA588F}" = protocol=17 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\tools\fortiusvirtualreality\fortiusvirtualreality.exe | "{23693DF8-2479-4F8E-BC28-22AD26EFCCF8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{272C739A-BABE-4F2A-9C80-A58C33D1C3F4}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{277EB699-9EBA-4943-B3DD-5A339CD33779}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2BA52BB3-2A07-46F3-9443-0D443549241E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{32934696-829E-4DEE-B7DF-AAAA8C2F1946}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{34702D3F-1715-4CF5-BE30-C37FD0869CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{36013261-0C23-4F6F-BCC5-B9CE1B4A6ACD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3A3885E3-0256-4D27-8118-D47E7533FEF6}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{3EF84D4F-F7D8-4C5D-BB8F-21DC82177301}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{429C32B7-EEA0-4297-A58D-F54A63BF4241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{42F6BE1E-A755-423A-ADD9-824D066F89CE}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{4513BF0F-58F2-41B9-AB44-FF4EA696ABF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{4A6B4280-4588-43F4-BA63-A7FC16C3F491}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{4C0E7999-4BDC-40DF-91DA-42127E84ABC1}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{4F65BFCF-4BA6-4C60-BB54-E0ECC0E03A64}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{4F84FA8B-E17D-4B4C-B1A7-505FF91D852A}" = protocol=6 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\trainersoftware.exe | "{543F6FCE-933F-4DCE-8585-FB10E610E041}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5AF2798B-0B65-4EF8-9D98-85CBB6E21AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\updater\tacxupdate.exe | "{5CC0C036-DA12-4CA5-B991-17297D1BCB51}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{65FD9F9D-7A3E-4129-99C9-8310481F4541}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{6C883459-0B65-442D-B588-AAFDBFED09F7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6D1C1D66-00DD-44B4-A725-188E06EBEBE2}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{722FB6F4-75CD-4189-8864-9F93625605FD}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{7B5723F0-B0C1-4598-BC99-C8D8433C688B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{7D06989A-E106-4D10-9EEA-D3DA570AD501}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{7FEDA198-3552-45AB-877D-DA1E471452DD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{8833CF51-4ACD-435C-9515-64639215E18E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{884611A4-923F-4AB7-A56F-9B98F9156E40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8AB34510-058A-4D9E-8A31-1992F0385AD3}" = protocol=17 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\trainersoftware.exe | "{8F66B152-DCE4-45AC-80C0-16BB595047A9}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{96DB2B4E-45FB-4597-82D6-AA0E436A2AD3}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{A360B50B-E9AD-4F02-AC47-9A8A6D1E9CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{AB1B97AA-CAC5-464B-A5F5-0D2613BB3DC1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B32F92D8-D35B-4605-99AA-F3210E8A6ACE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B5A888DE-62E9-4900-87B7-023E1C691742}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{B617897E-9730-4B56-A8B6-B378CCD75B4D}" = protocol=6 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\tools\fortiusvirtualreality\fortiusvirtualreality.exe | "{C47821E1-5B13-441D-9991-E5D5FFB4088F}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{C905FB3C-ACB3-48DC-A5E9-09B80A966F11}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{C9589F9E-C7C9-4FF1-B00A-4D69BE14033A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C9787D46-3F27-4BE8-8036-BD3EEAF65158}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{CDF91C5E-6421-4E86-A7E0-7E1868728BED}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{D024DA84-8F25-4F27-A87E-B8CA5AE25DF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D41E25C6-FE6E-4452-BDC6-AB37BE7E4316}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{D4CBFE10-B14D-41FE-B8E7-241602C18429}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{E195A821-B3C4-4484-89C4-3A318D51D630}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ECF3A44A-FDE9-4B39-B4C5-12DA71D13B7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EF802186-DA9C-48A5-A8A5-4AC967EF9172}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{F2BC0641-1F5F-4FEB-A72C-608E5C31554C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F8C3BB83-D506-4A0B-BE06-EA5B069A3C30}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{FB331818-16DD-4326-B40F-85B676E2F05A}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{FFDF9A95-8EDD-4739-A07D-A1A248A30B58}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi-Software "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BB67A89-56A3-4CEA-9D5B-B68F5C4D8682}" = Internet Explorer 8 GMX Edition "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD671B1-4FAD-43A1-9EC2-42301DFF3D3C}" = The Grossglockner 2008 - Austria "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{8B5D5C58-A053-4832-949A-53933682588D}" = Mallorca Tour I - Spain "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{98C25937-BE36-D16A-F0F6-C66F6173CFA6}" = Saal Design Software "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F35B473D-FC7C-4F29-8B4F-223B06369F0F}" = Tacx Trainer software 3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3 "ilividtoolbarguid" = Search-Results Toolbar "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Internet Explorer 8 GMX Edition" = Internet Explorer 8 GMX Edition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "MSC" = McAfee SecurityCenter "NVIDIA.Updatus" = NVIDIA Updatus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Opera 12.14.1738" = Opera 12.14 "PHOTO PORST" = PHOTO PORST "PrintProjects" = PrintProjects "SaalDesignSoftware" = Saal Design Software "TeamViewer 7" = TeamViewer 7 "USB_ANT_SIUSBXP_3_1&1004&0FCF" = USB ANT Stick Silicon Laboratories USBXpress Device (Driver Removal) "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1000138055-1634324615-3746106458-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "MyFreeCodec" = MyFreeCodec "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.03.2013 16:06:01 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x1f7c Startzeit der fehlerhaften Anwendung: 0x01ce24dd2ce6b02d Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6b4b01fe-90d0-11e2-bf44-f04da2603744 Error - 20.03.2013 03:06:42 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x1280 Startzeit der fehlerhaften Anwendung: 0x01ce253976d3397e Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: b790fc56-912c-11e2-a4aa-f04da2603744 Error - 20.03.2013 03:30:01 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskeng.exe, Version: 6.1.7601.17514, Zeitstempel: 0x4ce79d2c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x13d8 Startzeit der fehlerhaften Anwendung: 0x01ce253cbaa7c4bb Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskeng.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f94bdeb8-912f-11e2-a4aa-f04da2603744 Error - 20.03.2013 03:44:13 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: saUpd.exe, Version: 3.6.0.187, Zeitstempel: 0x50c0d00b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x1700 Startzeit der fehlerhaften Anwendung: 0x01ce253eb70606a0 Pfad der fehlerhaften Anwendung: c:\PROGRA~2\mcafee\SITEAD~1\saUpd.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f5357d2f-9131-11e2-a4aa-f04da2603744 Error - 20.03.2013 03:44:15 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wermgr.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc5f9 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x288 Startzeit der fehlerhaften Anwendung: 0x01ce253eb88ec9ad Pfad der fehlerhaften Anwendung: C:\Windows\system32\wermgr.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f644da0e-9131-11e2-a4aa-f04da2603744 Error - 20.03.2013 08:21:58 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Bubbles.scr, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7a201 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0xd94 Startzeit der fehlerhaften Anwendung: 0x01ce25658391bc2b Pfad der fehlerhaften Anwendung: C:\Windows\system32\Bubbles.scr Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c1f7f260-9158-11e2-a4aa-f04da2603744 Error - 20.03.2013 10:33:01 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x1520 Startzeit der fehlerhaften Anwendung: 0x01ce2577d187073d Pfad der fehlerhaften Anwendung: C:\Windows\system32\DllHost.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 11204ef6-916b-11e2-a0f9-f04da2603744 Error - 20.03.2013 12:49:07 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mcupdmgr.exe, Version: 11.6.434.0, Zeitstempel: 0x5050b58b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x18d0 Startzeit der fehlerhaften Anwendung: 0x01ce258ad4aa3f19 Pfad der fehlerhaften Anwendung: c:\PROGRA~1\mcafee\msc\mcupdmgr.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 1466f53d-917e-11e2-a0f9-f04da2603744 Error - 20.03.2013 14:24:38 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: script-fu.exe, Version: 2.8.4.0, Zeitstempel: 0x5112cea5 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x750 Startzeit der fehlerhaften Anwendung: 0x01ce25982decbe78 Pfad der fehlerhaften Anwendung: C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6c57b76e-918b-11e2-a0f9-f04da2603744 Error - 20.03.2013 14:24:58 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: file-png.exe, Version: 2.8.4.0, Zeitstempel: 0x5112cea4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x11f4 Startzeit der fehlerhaften Anwendung: 0x01ce25983a13e4fe Pfad der fehlerhaften Anwendung: C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-png.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 77d11980-918b-11e2-a0f9-f04da2603744 Error - 21.03.2013 12:19:43 | Computer Name = Sara-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mchost.exe, Version: 5.6.309.0, Zeitstempel: 0x5040ed6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000009970a ID des fehlerhaften Prozesses: 0x1614 Startzeit der fehlerhaften Anwendung: 0x01ce264fe4a08c6d Pfad der fehlerhaften Anwendung: C:\Program Files\Common Files\McAfee\Core\mchost.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 2320f1c5-9243-11e2-9421-f04da2603744 [ Cisco AnyConnect Secure Mobility Client Events ] Error - 20.03.2013 17:26:33 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341 (0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 21.03.2013 12:14:33 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182 Invoked Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description: WINDOWS_ERROR_CODE Error - 21.03.2013 12:14:33 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp Line: 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 21.03.2013 12:14:37 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 21.03.2013 12:15:39 | Computer Name = Sara-PC | Source = acvpnui | ID = 67108866 Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>. Error - 21.03.2013 12:15:41 | Computer Name = Sara-PC | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 21.03.2013 12:15:41 | Computer Name = Sara-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1336 NULL object. Cannot establish a connection at this time. Error - 21.03.2013 12:19:33 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 21.03.2013 12:19:33 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 21.03.2013 12:19:33 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ Dell Events ] Error - 23.03.2011 10:34:53 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.04.2011 15:12:30 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.04.2011 15:12:30 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 29.04.2011 09:49:03 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 29.04.2011 09:49:03 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 27.06.2011 07:10:20 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 27.06.2011 07:10:20 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.07.2011 08:24:55 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.07.2011 08:24:55 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.07.2011 14:41:16 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 20.03.2013 12:49:41 | Computer Name = Sara-PC | Source = DCOM | ID = 10010 Description = Error - 20.03.2013 14:49:59 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows-Fehlerberichterstattungsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 20.03.2013 14:50:06 | Computer Name = Sara-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003 Description = Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error - 20.03.2013 16:55:18 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 20.03.2013 16:55:33 | Computer Name = Sara-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 20.03.2013 16:55:48 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 20.03.2013 16:56:48 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 20.03.2013 16:56:48 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 21.03.2013 12:17:06 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 21.03.2013 12:17:06 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
22.03.2013, 10:20 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Fehlermeldung beim Start Rootkitscan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
23.03.2013, 15:40 | #5 |
| Windows Fehlermeldung beim StartCode:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-23 14:59:46 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465,76GB Running: gmer_2.1.19155.exe; Driver: C:\Users\Sara\AppData\Local\Temp\pxldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1800] C:\Windows\system32\kernel32.dll!LoadLibraryW 00000000778a6f80 5 bytes JMP 000000017183b440 .text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[1800] C:\Windows\system32\kernel32.dll!LoadLibraryA 00000000778a7070 5 bytes JMP 000000017183b320 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[7496] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000768b87b1 5 bytes JMP 0000000152ff856d .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[7496] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076fc6143 5 bytes JMP 000000015352fa9a .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[7496] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076d93e59 5 bytes JMP 00000001530297d1 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[7496] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076d93eae 5 bytes JMP 0000000153037641 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[7496] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076d94731 5 bytes JMP 00000001530365d9 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[7496] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076d95dee 5 bytes JMP 000000015305da4f ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7C98D205-F78D-4221-A67D-61E1D25A5176}\Connection@Name isatap.{11AED7E8-46E6-40A6-8773-9964D012C165} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CE47CDF1-364A-489D-94EA-9AD7EB6AF878}\Connection@Name isatap.{83689CA0-7378-4CD8-9034-E3F71550D4AB} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{CE47CDF1-364A-489D-94EA-9AD7EB6AF878}?\Device\{7C98D205-F78D-4221-A67D-61E1D25A5176}?\Device\{89215983-32F4-472F-81B7-3E76E3F450F4}?\Device\{1DF15315-BB12-4014-A8AF-DABBADEC2CAC}?\Device\{C44405F0-3412-4D15-A75B-95077A40E3A9}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{CE47CDF1-364A-489D-94EA-9AD7EB6AF878}"?"{7C98D205-F78D-4221-A67D-61E1D25A5176}"?"{89215983-32F4-472F-81B7-3E76E3F450F4}"?"{1DF15315-BB12-4014-A8AF-DABBADEC2CAC}"?"{C44405F0-3412-4D15-A75B-95077A40E3A9}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{CE47CDF1-364A-489D-94EA-9AD7EB6AF878}?\Device\TCPIP6TUNNEL_{7C98D205-F78D-4221-A67D-61E1D25A5176}?\Device\TCPIP6TUNNEL_{89215983-32F4-472F-81B7-3E76E3F450F4}?\Device\TCPIP6TUNNEL_{1DF15315-BB12-4014-A8AF-DABBADEC2CAC}?\Device\TCPIP6TUNNEL_{C44405F0-3412-4D15-A75B-95077A40E3A9}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7C98D205-F78D-4221-A67D-61E1D25A5176}@InterfaceName isatap.{11AED7E8-46E6-40A6-8773-9964D012C165} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{7C98D205-F78D-4221-A67D-61E1D25A5176}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CE47CDF1-364A-489D-94EA-9AD7EB6AF878}@InterfaceName isatap.{83689CA0-7378-4CD8-9034-E3F71550D4AB} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CE47CDF1-364A-489D-94EA-9AD7EB6AF878}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 62898 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.23.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sara :: SARA-PC [administrator] 23.03.2013 15:16:45 mbar-log-2013-03-23 (15-16-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28483 Time elapsed: 13 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 4 HKLM\SOFTWARE\CLASSES\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}\INPROCSERVER32 (PUP.Datamngr) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 c:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll (PUP.Datamngr) -> Delete on reboot. (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.23.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sara :: SARA-PC [administrator] 23.03.2013 15:37:33 mbar-log-2013-03-23 (15-37-33).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28435 Time elapsed: 15 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
23.03.2013, 17:19 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Fehlermeldung beim Start aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Windows Fehlermeldung beim Start |
25.03.2013, 08:33 | #7 |
| Windows Fehlermeldung beim Start Hallo, ich habe mehrmals versucht, aswMBR auszuführen, aber jedes mal kommt nach ein paar Minuten Scan die Meldung: Avast Anti-Rootkit funktioniert nicht mehr. LG Sara |
25.03.2013, 15:31 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Fehlermeldung beim Start Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
25.03.2013, 16:22 | #9 |
| Windows Fehlermeldung beim StartCode:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-03-25 16:12:24 ----------------------------- 16:12:24.394 OS Version: Windows x64 6.1.7601 Service Pack 1 16:12:24.394 Number of processors: 4 586 0x2505 16:12:24.394 ComputerName: SARA-PC UserName: Sara 16:12:27.144 Initialize success 16:12:36.026 AVAST engine defs: 13032400 16:12:41.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 16:12:41.326 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3 16:12:41.446 Disk 0 MBR read successfully 16:12:41.456 Disk 0 MBR scan 16:12:41.456 Disk 0 Windows VISTA default MBR code 16:12:41.466 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 16:12:41.486 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325 16:12:41.496 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325 16:12:41.576 Disk 0 scanning C:\Windows\system32\drivers 16:13:06.583 Service scanning 16:13:35.271 Modules scanning 16:13:35.271 Disk 0 trace - called modules: 16:13:35.318 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll 16:13:35.833 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005265060] 16:13:35.833 3 CLASSPNP.SYS[fffff88000cc143f] -> nt!IofCallDriver -> [0xfffffa800512bcb0] 16:13:35.848 5 stdcfltn.sys[fffff880019d6c52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f88050] 16:13:35.848 Scan finished successfully 16:16:34.915 Disk 0 MBR has been saved successfully to "C:\Users\Sara\Desktop\MBR.dat" 16:16:34.915 The log file has been saved successfully to "C:\Users\Sara\Desktop\aswMBR.txt" Code:
ATTFilter 16:17:32.0538 6672 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 16:17:34.0538 6672 ============================================================ 16:17:34.0538 6672 Current date / time: 2013/03/25 16:17:34.0538 16:17:34.0538 6672 SystemInfo: 16:17:34.0538 6672 16:17:34.0538 6672 OS Version: 6.1.7601 ServicePack: 1.0 16:17:34.0538 6672 Product type: Workstation 16:17:34.0538 6672 ComputerName: SARA-PC 16:17:34.0538 6672 UserName: Sara 16:17:34.0538 6672 Windows directory: C:\Windows 16:17:34.0538 6672 System windows directory: C:\Windows 16:17:34.0538 6672 Running under WOW64 16:17:34.0538 6672 Processor architecture: Intel x64 16:17:34.0538 6672 Number of processors: 4 16:17:34.0538 6672 Page size: 0x1000 16:17:34.0538 6672 Boot type: Normal boot 16:17:34.0538 6672 ============================================================ 16:17:35.0518 6672 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:17:35.0518 6672 ============================================================ 16:17:35.0518 6672 \Device\Harddisk0\DR0: 16:17:35.0518 6672 MBR partitions: 16:17:35.0518 6672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000 16:17:35.0518 6672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B 16:17:35.0518 6672 ============================================================ 16:17:35.0538 6672 C: <-> \Device\Harddisk0\DR0\Partition2 16:17:35.0538 6672 ============================================================ 16:17:35.0538 6672 Initialize success 16:17:35.0538 6672 ============================================================ 16:18:34.0479 3568 ============================================================ 16:18:34.0479 3568 Scan started 16:18:34.0479 3568 Mode: Manual; SigCheck; TDLFS; 16:18:34.0479 3568 ============================================================ 16:18:35.0025 3568 ================ Scan system memory ======================== 16:18:35.0025 3568 System memory - ok 16:18:35.0025 3568 ================ Scan services ============================= 16:18:35.0275 3568 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 16:18:35.0431 3568 1394ohci - ok 16:18:35.0478 3568 [ 7A505465BBB1EB8B5AD4D76E8749383B ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys 16:18:35.0509 3568 Acceler - ok 16:18:35.0540 3568 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:18:35.0571 3568 ACPI - ok 16:18:35.0618 3568 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:18:35.0696 3568 AcpiPmi - ok 16:18:35.0743 3568 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys 16:18:35.0758 3568 acsock - ok 16:18:35.0868 3568 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:18:35.0899 3568 AdobeARMservice - ok 16:18:36.0055 3568 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:18:36.0086 3568 AdobeFlashPlayerUpdateSvc - ok 16:18:36.0117 3568 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 16:18:36.0164 3568 adp94xx - ok 16:18:36.0195 3568 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:18:36.0226 3568 adpahci - ok 16:18:36.0258 3568 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:18:36.0273 3568 adpu320 - ok 16:18:36.0304 3568 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:18:36.0460 3568 AeLookupSvc - ok 16:18:36.0538 3568 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 16:18:36.0663 3568 AERTFilters - ok 16:18:36.0741 3568 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 16:18:36.0819 3568 AFD - ok 16:18:36.0897 3568 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:18:36.0928 3568 agp440 - ok 16:18:36.0975 3568 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 16:18:37.0022 3568 ALG - ok 16:18:37.0100 3568 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 16:18:37.0116 3568 aliide - ok 16:18:37.0162 3568 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 16:18:37.0178 3568 amdide - ok 16:18:37.0240 3568 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:18:37.0303 3568 AmdK8 - ok 16:18:37.0303 3568 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:18:37.0365 3568 AmdPPM - ok 16:18:37.0396 3568 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:18:37.0428 3568 amdsata - ok 16:18:37.0459 3568 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 16:18:37.0490 3568 amdsbs - ok 16:18:37.0506 3568 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:18:37.0521 3568 amdxata - ok 16:18:37.0584 3568 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 16:18:37.0755 3568 AppID - ok 16:18:37.0802 3568 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:18:37.0896 3568 AppIDSvc - ok 16:18:37.0927 3568 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 16:18:38.0005 3568 Appinfo - ok 16:18:38.0052 3568 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 16:18:38.0052 3568 arc - ok 16:18:38.0067 3568 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 16:18:38.0067 3568 arcsas - ok 16:18:38.0098 3568 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:18:38.0176 3568 AsyncMac - ok 16:18:38.0208 3568 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 16:18:38.0239 3568 atapi - ok 16:18:38.0286 3568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:18:38.0410 3568 AudioEndpointBuilder - ok 16:18:38.0426 3568 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:18:38.0473 3568 AudioSrv - ok 16:18:38.0520 3568 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:18:38.0629 3568 AxInstSV - ok 16:18:38.0676 3568 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 16:18:38.0722 3568 b06bdrv - ok 16:18:38.0754 3568 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:18:38.0769 3568 b57nd60a - ok 16:18:38.0816 3568 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 16:18:38.0863 3568 BDESVC - ok 16:18:38.0878 3568 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 16:18:38.0972 3568 Beep - ok 16:18:39.0019 3568 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 16:18:39.0128 3568 BFE - ok 16:18:39.0144 3568 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 16:18:39.0222 3568 BITS - ok 16:18:39.0253 3568 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:18:39.0284 3568 blbdrive - ok 16:18:39.0331 3568 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:18:39.0409 3568 bowser - ok 16:18:39.0424 3568 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:18:39.0487 3568 BrFiltLo - ok 16:18:39.0487 3568 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:18:39.0518 3568 BrFiltUp - ok 16:18:39.0565 3568 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 16:18:39.0612 3568 Browser - ok 16:18:39.0643 3568 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:18:39.0721 3568 Brserid - ok 16:18:39.0736 3568 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:18:39.0783 3568 BrSerWdm - ok 16:18:39.0799 3568 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:18:39.0830 3568 BrUsbMdm - ok 16:18:39.0830 3568 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:18:39.0846 3568 BrUsbSer - ok 16:18:39.0846 3568 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:18:39.0892 3568 BTHMODEM - ok 16:18:39.0939 3568 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 16:18:40.0033 3568 bthserv - ok 16:18:40.0048 3568 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:18:40.0111 3568 cdfs - ok 16:18:40.0142 3568 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 16:18:40.0158 3568 cdrom - ok 16:18:40.0204 3568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 16:18:40.0298 3568 CertPropSvc - ok 16:18:40.0345 3568 [ D2B3252AD4EB499C935A56467997AA3C ] cfwids C:\Windows\system32\drivers\cfwids.sys 16:18:40.0360 3568 cfwids - ok 16:18:40.0392 3568 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 16:18:40.0423 3568 circlass - ok 16:18:40.0454 3568 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 16:18:40.0501 3568 CLFS - ok 16:18:40.0548 3568 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:18:40.0579 3568 clr_optimization_v2.0.50727_32 - ok 16:18:40.0626 3568 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:18:40.0657 3568 clr_optimization_v2.0.50727_64 - ok 16:18:40.0735 3568 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:18:40.0766 3568 clr_optimization_v4.0.30319_32 - ok 16:18:40.0813 3568 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:18:40.0844 3568 clr_optimization_v4.0.30319_64 - ok 16:18:40.0875 3568 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:18:40.0906 3568 CmBatt - ok 16:18:40.0938 3568 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:18:40.0969 3568 cmdide - ok 16:18:41.0016 3568 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 16:18:41.0062 3568 CNG - ok 16:18:41.0109 3568 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:18:41.0125 3568 Compbatt - ok 16:18:41.0156 3568 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 16:18:41.0187 3568 CompositeBus - ok 16:18:41.0203 3568 COMSysApp - ok 16:18:41.0218 3568 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 16:18:41.0250 3568 crcdisk - ok 16:18:41.0296 3568 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:18:41.0359 3568 CryptSvc - ok 16:18:41.0406 3568 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 16:18:41.0452 3568 CtClsFlt - ok 16:18:41.0499 3568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:18:41.0608 3568 DcomLaunch - ok 16:18:41.0640 3568 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 16:18:41.0718 3568 defragsvc - ok 16:18:41.0749 3568 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:18:41.0811 3568 DfsC - ok 16:18:41.0858 3568 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 16:18:41.0889 3568 Dhcp - ok 16:18:41.0905 3568 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 16:18:41.0952 3568 discache - ok 16:18:41.0967 3568 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 16:18:41.0983 3568 Disk - ok 16:18:41.0998 3568 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:18:42.0076 3568 Dnscache - ok 16:18:42.0123 3568 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 16:18:42.0139 3568 DockLoginService ( UnsignedFile.Multi.Generic ) - warning 16:18:42.0139 3568 DockLoginService - detected UnsignedFile.Multi.Generic (1) 16:18:42.0201 3568 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 16:18:42.0295 3568 dot3svc - ok 16:18:42.0326 3568 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 16:18:42.0420 3568 DPS - ok 16:18:42.0451 3568 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:18:42.0498 3568 drmkaud - ok 16:18:42.0560 3568 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:18:42.0607 3568 DXGKrnl - ok 16:18:42.0638 3568 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 16:18:42.0716 3568 EapHost - ok 16:18:42.0794 3568 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 16:18:42.0903 3568 ebdrv - ok 16:18:42.0919 3568 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 16:18:43.0075 3568 EFS - ok 16:18:43.0122 3568 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:18:43.0200 3568 ehRecvr - ok 16:18:43.0246 3568 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 16:18:43.0278 3568 ehSched - ok 16:18:43.0324 3568 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 16:18:43.0371 3568 elxstor - ok 16:18:43.0402 3568 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:18:43.0434 3568 ErrDev - ok 16:18:43.0496 3568 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 16:18:43.0558 3568 EventSystem - ok 16:18:43.0621 3568 [ B56D9602DB5FE1C116B1CA5EFD8E2E50 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 16:18:43.0652 3568 EvtEng - ok 16:18:43.0668 3568 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 16:18:43.0761 3568 exfat - ok 16:18:43.0792 3568 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:18:43.0839 3568 fastfat - ok 16:18:43.0886 3568 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 16:18:44.0073 3568 Fax - ok 16:18:44.0089 3568 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:18:44.0120 3568 fdc - ok 16:18:44.0151 3568 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 16:18:44.0229 3568 fdPHost - ok 16:18:44.0245 3568 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 16:18:44.0323 3568 FDResPub - ok 16:18:44.0338 3568 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:18:44.0354 3568 FileInfo - ok 16:18:44.0370 3568 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:18:44.0448 3568 Filetrace - ok 16:18:44.0448 3568 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:18:44.0479 3568 flpydisk - ok 16:18:44.0510 3568 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:18:44.0541 3568 FltMgr - ok 16:18:44.0572 3568 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 16:18:44.0682 3568 FontCache - ok 16:18:44.0728 3568 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:18:44.0853 3568 FontCache3.0.0.0 - ok 16:18:44.0869 3568 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:18:44.0884 3568 FsDepends - ok 16:18:44.0931 3568 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:18:44.0947 3568 Fs_Rec - ok 16:18:44.0994 3568 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:18:45.0025 3568 fvevol - ok 16:18:45.0056 3568 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:18:45.0087 3568 gagp30kx - ok 16:18:45.0134 3568 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 16:18:45.0259 3568 gpsvc - ok 16:18:45.0368 3568 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:18:45.0384 3568 gupdate - ok 16:18:45.0415 3568 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:18:45.0446 3568 gupdatem - ok 16:18:45.0462 3568 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:18:45.0524 3568 hcw85cir - ok 16:18:45.0555 3568 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:18:45.0602 3568 HDAudBus - ok 16:18:45.0649 3568 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 16:18:45.0664 3568 HECIx64 - ok 16:18:45.0664 3568 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:18:45.0711 3568 HidBatt - ok 16:18:45.0711 3568 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:18:45.0758 3568 HidBth - ok 16:18:45.0758 3568 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:18:45.0805 3568 HidIr - ok 16:18:45.0836 3568 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 16:18:45.0914 3568 hidserv - ok 16:18:45.0945 3568 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 16:18:45.0961 3568 HidUsb - ok 16:18:46.0023 3568 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 16:18:46.0039 3568 HipShieldK - ok 16:18:46.0070 3568 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:18:46.0179 3568 hkmsvc - ok 16:18:46.0210 3568 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:18:46.0273 3568 HomeGroupListener - ok 16:18:46.0304 3568 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:18:46.0351 3568 HomeGroupProvider - ok 16:18:46.0398 3568 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:18:46.0429 3568 HpSAMD - ok 16:18:46.0476 3568 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:18:46.0554 3568 HTTP - ok 16:18:46.0585 3568 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:18:46.0585 3568 hwpolicy - ok 16:18:46.0616 3568 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:18:46.0632 3568 i8042prt - ok 16:18:46.0678 3568 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 16:18:46.0710 3568 iaStor - ok 16:18:46.0788 3568 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 16:18:46.0803 3568 IAStorDataMgrSvc - ok 16:18:46.0819 3568 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:18:46.0850 3568 iaStorV - ok 16:18:46.0897 3568 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:18:47.0037 3568 idsvc - ok 16:18:47.0256 3568 [ 31569A2E836C12014148BF7342716946 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 16:18:47.0396 3568 igfx - ok 16:18:47.0427 3568 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:18:47.0427 3568 iirsp - ok 16:18:47.0474 3568 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 16:18:47.0583 3568 IKEEXT - ok 16:18:47.0630 3568 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 16:18:47.0677 3568 Impcd - ok 16:18:47.0739 3568 [ 491DADCC74327FABC85E0AB80AF8F204 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:18:47.0817 3568 IntcAzAudAddService - ok 16:18:47.0848 3568 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 16:18:47.0880 3568 IntcDAud - ok 16:18:47.0895 3568 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 16:18:47.0911 3568 intelide - ok 16:18:47.0942 3568 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:18:47.0973 3568 intelppm - ok 16:18:48.0004 3568 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:18:48.0067 3568 IPBusEnum - ok 16:18:48.0082 3568 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:18:48.0129 3568 IpFilterDriver - ok 16:18:48.0176 3568 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:18:48.0254 3568 iphlpsvc - ok 16:18:48.0285 3568 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:18:48.0316 3568 IPMIDRV - ok 16:18:48.0332 3568 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:18:48.0394 3568 IPNAT - ok 16:18:48.0457 3568 [ 05360B1EA5A2ABF620D1D96EBD8BD8F1 ] irda C:\Windows\system32\DRIVERS\irda.sys 16:18:48.0535 3568 irda - ok 16:18:48.0550 3568 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:18:48.0597 3568 IRENUM - ok 16:18:48.0628 3568 [ 3848384AB383F0A8F506C4370635C1F9 ] Irmon C:\Windows\System32\irmon.dll 16:18:48.0675 3568 Irmon - ok 16:18:48.0691 3568 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:18:48.0722 3568 isapnp - ok 16:18:48.0753 3568 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:18:48.0784 3568 iScsiPrt - ok 16:18:48.0831 3568 [ 3926C8C55A2CD2C94888BE39B4BEB629 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 16:18:48.0847 3568 JMCR - ok 16:18:48.0878 3568 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 16:18:48.0894 3568 kbdclass - ok 16:18:48.0909 3568 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 16:18:48.0940 3568 kbdhid - ok 16:18:48.0956 3568 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 16:18:48.0987 3568 KeyIso - ok 16:18:49.0112 3568 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe 16:18:49.0299 3568 Kodak AiO Network Discovery Service - ok 16:18:49.0377 3568 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe 16:18:49.0502 3568 Kodak AiO Status Monitor Service - ok 16:18:49.0518 3568 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:18:49.0533 3568 KSecDD - ok 16:18:49.0564 3568 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:18:49.0580 3568 KSecPkg - ok 16:18:49.0596 3568 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:18:49.0642 3568 ksthunk - ok 16:18:49.0674 3568 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 16:18:49.0767 3568 KtmRm - ok 16:18:49.0814 3568 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:18:49.0892 3568 LanmanServer - ok 16:18:49.0923 3568 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:18:50.0001 3568 LanmanWorkstation - ok 16:18:50.0032 3568 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:18:50.0110 3568 lltdio - ok 16:18:50.0142 3568 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:18:50.0220 3568 lltdsvc - ok 16:18:50.0235 3568 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:18:50.0298 3568 lmhosts - ok 16:18:50.0344 3568 [ 23D990150D56B670A62B21B9ABDD45EE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 16:18:50.0360 3568 LMS - ok 16:18:50.0407 3568 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:18:50.0438 3568 LSI_FC - ok 16:18:50.0438 3568 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:18:50.0469 3568 LSI_SAS - ok 16:18:50.0469 3568 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:18:50.0500 3568 LSI_SAS2 - ok 16:18:50.0500 3568 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:18:50.0516 3568 LSI_SCSI - ok 16:18:50.0532 3568 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 16:18:50.0625 3568 luafv - ok 16:18:50.0719 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 16:18:50.0734 3568 McAfee SiteAdvisor Service - ok 16:18:50.0828 3568 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 16:18:50.0859 3568 McComponentHostService - ok 16:18:50.0875 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 16:18:50.0890 3568 McMPFSvc - ok 16:18:50.0922 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 16:18:50.0937 3568 mcmscsvc - ok 16:18:50.0953 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 16:18:50.0968 3568 McNaiAnn - ok 16:18:51.0000 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 16:18:51.0015 3568 McNASvc - ok 16:18:51.0093 3568 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe 16:18:51.0124 3568 McODS - ok 16:18:51.0140 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 16:18:51.0156 3568 McOobeSv - ok 16:18:51.0171 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 16:18:51.0187 3568 McProxy - ok 16:18:51.0218 3568 [ 21F81090A00932C5E96700EDF2977582 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 16:18:51.0234 3568 McShield - ok 16:18:51.0280 3568 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:18:51.0374 3568 Mcx2Svc - ok 16:18:51.0390 3568 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:18:51.0405 3568 megasas - ok 16:18:51.0405 3568 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:18:51.0421 3568 MegaSR - ok 16:18:51.0436 3568 [ B1720E97FABBDF7D30B36DAF19C3DEE8 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 16:18:51.0452 3568 mfeapfk - ok 16:18:51.0483 3568 [ 113F1534B80D65DFDCA660F19967A3B7 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 16:18:51.0499 3568 mfeavfk - ok 16:18:51.0514 3568 mfeavfk01 - ok 16:18:51.0546 3568 [ C4F521310E40327BBC8E8E71DA344F48 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 16:18:51.0561 3568 mfefire - ok 16:18:51.0592 3568 [ CECC9841D036EE008091825272D91331 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 16:18:51.0624 3568 mfefirek - ok 16:18:51.0670 3568 [ EF0F85EDBDF6C0AB467E88E0CEE2B346 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 16:18:51.0733 3568 mfehidk - ok 16:18:51.0764 3568 [ 6E3A46BF6CBB80450CC24F80FE03ED5A ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 16:18:51.0780 3568 mferkdet - ok 16:18:51.0811 3568 [ 341BFCAA3A55C08E8C9ECB1654ACA905 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe 16:18:51.0873 3568 mfevtp - ok 16:18:51.0904 3568 [ 2802D09F1B6ED502237539563F3C4992 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 16:18:51.0920 3568 mfewfpk - ok 16:18:51.0936 3568 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 16:18:51.0982 3568 MMCSS - ok 16:18:51.0998 3568 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 16:18:52.0045 3568 Modem - ok 16:18:52.0076 3568 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:18:52.0123 3568 monitor - ok 16:18:52.0138 3568 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 16:18:52.0170 3568 mouclass - ok 16:18:52.0201 3568 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:18:52.0232 3568 mouhid - ok 16:18:52.0263 3568 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:18:52.0294 3568 mountmgr - ok 16:18:52.0326 3568 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 16:18:52.0357 3568 mpio - ok 16:18:52.0388 3568 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:18:52.0450 3568 mpsdrv - ok 16:18:52.0497 3568 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:18:52.0684 3568 MpsSvc - ok 16:18:52.0716 3568 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:18:52.0778 3568 MRxDAV - ok 16:18:52.0809 3568 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:18:52.0872 3568 mrxsmb - ok 16:18:52.0903 3568 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:18:52.0950 3568 mrxsmb10 - ok 16:18:52.0981 3568 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:18:53.0012 3568 mrxsmb20 - ok 16:18:53.0028 3568 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 16:18:53.0059 3568 msahci - ok 16:18:53.0074 3568 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:18:53.0106 3568 msdsm - ok 16:18:53.0137 3568 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 16:18:53.0184 3568 MSDTC - ok 16:18:53.0215 3568 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:18:53.0293 3568 Msfs - ok 16:18:53.0308 3568 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:18:53.0355 3568 mshidkmdf - ok 16:18:53.0371 3568 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:18:53.0371 3568 msisadrv - ok 16:18:53.0402 3568 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:18:53.0449 3568 MSiSCSI - ok 16:18:53.0449 3568 msiserver - ok 16:18:53.0496 3568 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 16:18:53.0527 3568 MSK80Service - ok 16:18:53.0542 3568 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:18:53.0620 3568 MSKSSRV - ok 16:18:53.0636 3568 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:18:53.0683 3568 MSPCLOCK - ok 16:18:53.0683 3568 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:18:53.0730 3568 MSPQM - ok 16:18:53.0745 3568 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:18:53.0776 3568 MsRPC - ok 16:18:53.0792 3568 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:18:53.0808 3568 mssmbios - ok 16:18:53.0823 3568 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:18:53.0854 3568 MSTEE - ok 16:18:53.0870 3568 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:18:53.0886 3568 MTConfig - ok 16:18:53.0886 3568 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 16:18:53.0901 3568 Mup - ok 16:18:53.0932 3568 [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 16:18:53.0948 3568 MyWiFiDHCPDNS - ok 16:18:53.0995 3568 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 16:18:54.0088 3568 napagent - ok 16:18:54.0120 3568 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:18:54.0166 3568 NativeWifiP - ok 16:18:54.0213 3568 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:18:54.0260 3568 NDIS - ok 16:18:54.0276 3568 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:18:54.0307 3568 NdisCap - ok 16:18:54.0338 3568 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:18:54.0385 3568 NdisTapi - ok 16:18:54.0400 3568 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:18:54.0494 3568 Ndisuio - ok 16:18:54.0525 3568 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:18:54.0603 3568 NdisWan - ok 16:18:54.0634 3568 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:18:54.0728 3568 NDProxy - ok 16:18:54.0744 3568 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:18:54.0822 3568 NetBIOS - ok 16:18:54.0868 3568 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:18:54.0931 3568 NetBT - ok 16:18:54.0946 3568 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 16:18:54.0962 3568 Netlogon - ok 16:18:54.0993 3568 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 16:18:55.0040 3568 Netman - ok 16:18:55.0071 3568 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 16:18:55.0118 3568 netprofm - ok 16:18:55.0165 3568 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:18:55.0165 3568 NetTcpPortSharing - ok 16:18:55.0336 3568 [ 18555F48844C2861D9DCE8F2B7223AE5 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys 16:18:55.0446 3568 NETw5s64 - ok 16:18:55.0477 3568 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:18:55.0508 3568 nfrd960 - ok 16:18:55.0570 3568 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:18:55.0617 3568 NlaSvc - ok 16:18:55.0633 3568 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:18:55.0695 3568 Npfs - ok 16:18:55.0726 3568 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 16:18:55.0804 3568 nsi - ok 16:18:55.0804 3568 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:18:55.0882 3568 nsiproxy - ok 16:18:55.0945 3568 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:18:56.0038 3568 Ntfs - ok 16:18:56.0054 3568 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 16:18:56.0148 3568 Null - ok 16:18:56.0179 3568 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 16:18:56.0194 3568 nusb3hub - ok 16:18:56.0226 3568 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 16:18:56.0241 3568 nusb3xhc - ok 16:18:56.0272 3568 [ E20ABD5B229760158F753CA90B97E090 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 16:18:56.0304 3568 NVHDA - ok 16:18:56.0553 3568 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:18:56.0725 3568 nvlddmkm - ok 16:18:56.0740 3568 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 16:18:56.0756 3568 nvpciflt - ok 16:18:56.0787 3568 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:18:56.0803 3568 nvraid - ok 16:18:56.0850 3568 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:18:56.0881 3568 nvstor - ok 16:18:56.0928 3568 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 16:18:57.0068 3568 nvsvc - ok 16:18:57.0130 3568 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 16:18:57.0302 3568 nvUpdatusService - ok 16:18:57.0333 3568 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:18:57.0349 3568 nv_agp - ok 16:18:57.0364 3568 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:18:57.0411 3568 ohci1394 - ok 16:18:57.0458 3568 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:18:57.0489 3568 ose - ok 16:18:57.0598 3568 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:18:57.0786 3568 osppsvc - ok 16:18:57.0801 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:18:57.0832 3568 p2pimsvc - ok 16:18:57.0864 3568 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 16:18:57.0895 3568 p2psvc - ok 16:18:57.0926 3568 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:18:57.0942 3568 Parport - ok 16:18:57.0988 3568 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:18:58.0004 3568 partmgr - ok 16:18:58.0035 3568 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:18:58.0066 3568 PcaSvc - ok 16:18:58.0098 3568 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 16:18:58.0113 3568 pci - ok 16:18:58.0129 3568 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 16:18:58.0129 3568 pciide - ok 16:18:58.0144 3568 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:18:58.0160 3568 pcmcia - ok 16:18:58.0176 3568 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 16:18:58.0191 3568 pcw - ok 16:18:58.0207 3568 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:18:58.0269 3568 PEAUTH - ok 16:18:58.0363 3568 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:18:58.0394 3568 PerfHost - ok 16:18:58.0456 3568 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 16:18:58.0581 3568 pla - ok 16:18:58.0628 3568 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:18:58.0690 3568 PlugPlay - ok 16:18:58.0722 3568 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:18:58.0768 3568 PNRPAutoReg - ok 16:18:58.0784 3568 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:18:58.0831 3568 PNRPsvc - ok 16:18:58.0846 3568 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:18:59.0018 3568 PolicyAgent - ok 16:18:59.0049 3568 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:18:59.0080 3568 Power - ok 16:18:59.0127 3568 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:18:59.0158 3568 PptpMiniport - ok 16:18:59.0174 3568 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:18:59.0190 3568 Processor - ok 16:18:59.0221 3568 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:18:59.0283 3568 ProfSvc - ok 16:18:59.0299 3568 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:18:59.0330 3568 ProtectedStorage - ok 16:18:59.0361 3568 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:18:59.0470 3568 Psched - ok 16:18:59.0502 3568 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 16:18:59.0517 3568 PxHlpa64 - ok 16:18:59.0548 3568 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys 16:18:59.0564 3568 qicflt - ok 16:18:59.0642 3568 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:18:59.0689 3568 ql2300 - ok 16:18:59.0704 3568 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:18:59.0720 3568 ql40xx - ok 16:18:59.0751 3568 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:18:59.0782 3568 QWAVE - ok 16:18:59.0782 3568 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:18:59.0829 3568 QWAVEdrv - ok 16:18:59.0829 3568 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:18:59.0923 3568 RasAcd - ok 16:18:59.0938 3568 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:18:59.0970 3568 RasAgileVpn - ok 16:19:00.0001 3568 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:19:00.0032 3568 RasAuto - ok 16:19:00.0063 3568 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:19:00.0094 3568 Rasl2tp - ok 16:19:00.0126 3568 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:19:00.0204 3568 RasMan - ok 16:19:00.0219 3568 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:19:00.0313 3568 RasPppoe - ok 16:19:00.0344 3568 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:19:00.0406 3568 RasSstp - ok 16:19:00.0438 3568 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:19:00.0484 3568 rdbss - ok 16:19:00.0500 3568 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:19:00.0516 3568 rdpbus - ok 16:19:00.0531 3568 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:19:00.0578 3568 RDPCDD - ok 16:19:00.0609 3568 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:19:00.0687 3568 RDPENCDD - ok 16:19:00.0703 3568 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:19:00.0796 3568 RDPREFMP - ok 16:19:00.0843 3568 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:19:00.0906 3568 RdpVideoMiniport - ok 16:19:00.0952 3568 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:19:01.0015 3568 RDPWD - ok 16:19:01.0062 3568 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:19:01.0093 3568 rdyboost - ok 16:19:01.0155 3568 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 16:19:01.0202 3568 RegSrvc - ok 16:19:01.0233 3568 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:19:01.0296 3568 RemoteAccess - ok 16:19:01.0327 3568 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:19:01.0420 3568 RemoteRegistry - ok 16:19:01.0436 3568 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:19:01.0530 3568 RpcEptMapper - ok 16:19:01.0530 3568 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:19:01.0576 3568 RpcLocator - ok 16:19:01.0608 3568 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:19:01.0686 3568 RpcSs - ok 16:19:01.0701 3568 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:19:01.0779 3568 rspndr - ok 16:19:01.0810 3568 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:19:01.0826 3568 RTL8167 - ok 16:19:01.0842 3568 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:19:01.0857 3568 SamSs - ok 16:19:01.0873 3568 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:19:01.0904 3568 sbp2port - ok 16:19:01.0920 3568 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:19:02.0013 3568 SCardSvr - ok 16:19:02.0044 3568 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:19:02.0138 3568 scfilter - ok 16:19:02.0169 3568 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:19:02.0278 3568 Schedule - ok 16:19:02.0310 3568 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:19:02.0341 3568 SCPolicySvc - ok 16:19:02.0372 3568 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:19:02.0419 3568 SDRSVC - ok 16:19:02.0450 3568 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:19:02.0528 3568 secdrv - ok 16:19:02.0544 3568 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:19:02.0590 3568 seclogon - ok 16:19:02.0622 3568 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:19:02.0653 3568 SENS - ok 16:19:02.0668 3568 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:19:02.0684 3568 SensrSvc - ok 16:19:02.0700 3568 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:19:02.0715 3568 Serenum - ok 16:19:02.0715 3568 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:19:02.0762 3568 Serial - ok 16:19:02.0793 3568 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:19:02.0824 3568 sermouse - ok 16:19:02.0856 3568 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:19:02.0949 3568 SessionEnv - ok 16:19:02.0980 3568 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:19:03.0012 3568 sffdisk - ok 16:19:03.0027 3568 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:19:03.0058 3568 sffp_mmc - ok 16:19:03.0074 3568 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:19:03.0121 3568 sffp_sd - ok 16:19:03.0121 3568 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:19:03.0152 3568 sfloppy - ok 16:19:03.0230 3568 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 16:19:03.0402 3568 SftService - ok 16:19:03.0433 3568 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:19:03.0495 3568 SharedAccess - ok 16:19:03.0542 3568 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:19:03.0620 3568 ShellHWDetection - ok 16:19:03.0636 3568 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:19:03.0667 3568 SiSRaid2 - ok 16:19:03.0667 3568 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:19:03.0698 3568 SiSRaid4 - ok 16:19:03.0760 3568 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:19:03.0792 3568 SkypeUpdate - ok 16:19:03.0792 3568 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:19:03.0870 3568 Smb - ok 16:19:03.0901 3568 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:19:03.0948 3568 SNMPTRAP - ok 16:19:03.0963 3568 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:19:03.0994 3568 spldr - ok 16:19:04.0026 3568 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:19:04.0104 3568 Spooler - ok 16:19:04.0197 3568 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:19:04.0353 3568 sppsvc - ok 16:19:04.0384 3568 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:19:04.0462 3568 sppuinotify - ok 16:19:04.0494 3568 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:19:04.0556 3568 srv - ok 16:19:04.0587 3568 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:19:04.0634 3568 srv2 - ok 16:19:04.0681 3568 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:19:04.0712 3568 srvnet - ok 16:19:04.0759 3568 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 16:19:04.0821 3568 ssadbus - ok 16:19:04.0868 3568 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 16:19:04.0915 3568 ssadmdfl - ok 16:19:04.0946 3568 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 16:19:04.0993 3568 ssadmdm - ok 16:19:05.0024 3568 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:19:05.0118 3568 SSDPSRV - ok 16:19:05.0133 3568 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:19:05.0211 3568 SstpSvc - ok 16:19:05.0242 3568 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 16:19:05.0258 3568 ss_bbus - ok 16:19:05.0289 3568 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 16:19:05.0305 3568 ss_bmdfl - ok 16:19:05.0320 3568 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 16:19:05.0336 3568 ss_bmdm - ok 16:19:05.0367 3568 [ 677CDC98F8363ACCAAE783FDE1599C2A ] ss_bserd C:\Windows\system32\DRIVERS\ss_bserd.sys 16:19:05.0367 3568 ss_bserd - ok 16:19:05.0398 3568 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys 16:19:05.0414 3568 stdcfltn - ok 16:19:05.0445 3568 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 16:19:05.0476 3568 Stereo Service - ok 16:19:05.0508 3568 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:19:05.0523 3568 stexstor - ok 16:19:05.0586 3568 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:19:05.0648 3568 stisvc - ok 16:19:05.0695 3568 [ 2663DDE5852B05768C526B78FA99E6B6 ] stus2x64 C:\Windows\system32\DRIVERS\stusb2ir.sys 16:19:05.0742 3568 stus2x64 - ok 16:19:05.0773 3568 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:19:05.0788 3568 swenum - ok 16:19:05.0820 3568 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:19:05.0929 3568 swprv - ok 16:19:05.0991 3568 [ 36F506C894E1EA59C65FAF6398BDF49A ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:19:06.0038 3568 SynTP - ok 16:19:06.0100 3568 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:19:06.0210 3568 SysMain - ok 16:19:06.0225 3568 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:19:06.0256 3568 TabletInputService - ok 16:19:06.0303 3568 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:19:06.0412 3568 TapiSrv - ok 16:19:06.0428 3568 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:19:06.0490 3568 TBS - ok 16:19:06.0553 3568 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:19:06.0615 3568 Tcpip - ok 16:19:06.0662 3568 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:19:06.0693 3568 TCPIP6 - ok 16:19:06.0740 3568 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:19:06.0756 3568 tcpipreg - ok 16:19:06.0771 3568 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:19:06.0802 3568 TDPIPE - ok 16:19:06.0834 3568 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:19:06.0865 3568 TDTCP - ok 16:19:06.0912 3568 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:19:06.0990 3568 tdx - ok 16:19:07.0099 3568 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 16:19:07.0208 3568 TeamViewer7 - ok 16:19:07.0224 3568 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:19:07.0239 3568 TermDD - ok 16:19:07.0286 3568 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:19:07.0411 3568 TermService - ok 16:19:07.0426 3568 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:19:07.0458 3568 Themes - ok 16:19:07.0473 3568 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:19:07.0505 3568 THREADORDER - ok 16:19:07.0520 3568 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:19:07.0567 3568 TrkWks - ok 16:19:07.0614 3568 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:19:07.0692 3568 TrustedInstaller - ok 16:19:07.0723 3568 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:19:07.0801 3568 tssecsrv - ok 16:19:07.0848 3568 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:19:07.0910 3568 TsUsbFlt - ok 16:19:07.0941 3568 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:19:08.0035 3568 tunnel - ok 16:19:08.0097 3568 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 16:19:08.0113 3568 TurboB - ok 16:19:08.0160 3568 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 16:19:08.0175 3568 TurboBoost - ok 16:19:08.0207 3568 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:19:08.0222 3568 uagp35 - ok 16:19:08.0269 3568 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:19:08.0347 3568 udfs - ok 16:19:08.0378 3568 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:19:08.0409 3568 UI0Detect - ok 16:19:08.0441 3568 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:19:08.0472 3568 uliagpkx - ok 16:19:08.0472 3568 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 16:19:08.0534 3568 umbus - ok 16:19:08.0534 3568 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:19:08.0565 3568 UmPass - ok 16:19:08.0675 3568 [ CBDEE152D73200EE49031A26310B9D3E ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 16:19:08.0753 3568 UNS - ok 16:19:08.0768 3568 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:19:08.0815 3568 upnphost - ok 16:19:08.0831 3568 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:19:08.0862 3568 usbccgp - ok 16:19:08.0877 3568 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:19:08.0893 3568 usbcir - ok 16:19:08.0924 3568 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:19:08.0940 3568 usbehci - ok 16:19:08.0971 3568 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:19:09.0018 3568 usbhub - ok 16:19:09.0033 3568 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:19:09.0065 3568 usbohci - ok 16:19:09.0111 3568 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:19:09.0143 3568 usbprint - ok 16:19:09.0189 3568 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:19:09.0221 3568 usbscan - ok 16:19:09.0236 3568 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:19:09.0299 3568 USBSTOR - ok 16:19:09.0314 3568 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:19:09.0345 3568 usbuhci - ok 16:19:09.0377 3568 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 16:19:09.0423 3568 usbvideo - ok 16:19:09.0455 3568 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:19:09.0548 3568 UxSms - ok 16:19:09.0564 3568 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:19:09.0595 3568 VaultSvc - ok 16:19:09.0611 3568 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:19:09.0642 3568 vdrvroot - ok 16:19:09.0689 3568 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:19:09.0735 3568 vds - ok 16:19:09.0751 3568 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:19:09.0767 3568 vga - ok 16:19:09.0798 3568 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:19:09.0876 3568 VgaSave - ok 16:19:09.0907 3568 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:19:09.0938 3568 vhdmp - ok 16:19:09.0954 3568 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:19:09.0985 3568 viaide - ok 16:19:10.0001 3568 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:19:10.0016 3568 volmgr - ok 16:19:10.0063 3568 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:19:10.0094 3568 volmgrx - ok 16:19:10.0110 3568 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:19:10.0141 3568 volsnap - ok 16:19:10.0235 3568 [ E23BC9B12EF85B58083A6985F9BE3C44 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 16:19:10.0266 3568 vpnagent - ok 16:19:10.0328 3568 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 16:19:10.0344 3568 vpnva - ok 16:19:10.0391 3568 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:19:10.0422 3568 vsmraid - ok 16:19:10.0484 3568 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:19:10.0625 3568 VSS - ok 16:19:10.0640 3568 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:19:10.0687 3568 vwifibus - ok 16:19:10.0703 3568 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:19:10.0734 3568 vwififlt - ok 16:19:10.0749 3568 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:19:10.0796 3568 vwifimp - ok 16:19:10.0827 3568 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:19:10.0921 3568 W32Time - ok 16:19:10.0937 3568 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:19:10.0952 3568 WacomPen - ok 16:19:10.0999 3568 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:19:11.0093 3568 WANARP - ok 16:19:11.0108 3568 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:19:11.0171 3568 Wanarpv6 - ok 16:19:11.0233 3568 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:19:11.0342 3568 wbengine - ok 16:19:11.0358 3568 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:19:11.0405 3568 WbioSrvc - ok 16:19:11.0436 3568 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:19:11.0483 3568 wcncsvc - ok 16:19:11.0498 3568 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:19:11.0529 3568 WcsPlugInService - ok 16:19:11.0561 3568 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:19:11.0592 3568 Wd - ok 16:19:11.0639 3568 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:19:11.0701 3568 Wdf01000 - ok 16:19:11.0717 3568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:19:11.0763 3568 WdiServiceHost - ok 16:19:11.0779 3568 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:19:11.0810 3568 WdiSystemHost - ok 16:19:11.0841 3568 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:19:11.0904 3568 WebClient - ok 16:19:11.0935 3568 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:19:12.0029 3568 Wecsvc - ok 16:19:12.0044 3568 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:19:12.0122 3568 wercplsupport - ok 16:19:12.0153 3568 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:19:12.0247 3568 WerSvc - ok 16:19:12.0263 3568 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:19:12.0341 3568 WfpLwf - ok 16:19:12.0372 3568 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 16:19:12.0403 3568 WimFltr - ok 16:19:12.0419 3568 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:19:12.0434 3568 WIMMount - ok 16:19:12.0450 3568 WinDefend - ok 16:19:12.0512 3568 [ 7922583C802203A54CDD47D9ECF028F2 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys 16:19:12.0559 3568 WinDriver6 - ok 16:19:12.0575 3568 WinHttpAutoProxySvc - ok 16:19:12.0637 3568 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:19:12.0715 3568 Winmgmt - ok 16:19:12.0793 3568 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:19:12.0871 3568 WinRM - ok 16:19:12.0902 3568 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:19:12.0949 3568 WinUsb - ok 16:19:12.0980 3568 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:19:13.0043 3568 Wlansvc - ok 16:19:13.0089 3568 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 16:19:13.0183 3568 wlcrasvc - ok 16:19:13.0245 3568 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:19:13.0401 3568 wlidsvc - ok 16:19:13.0417 3568 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:19:13.0448 3568 WmiAcpi - ok 16:19:13.0479 3568 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:19:13.0526 3568 wmiApSrv - ok 16:19:13.0557 3568 WMPNetworkSvc - ok 16:19:13.0573 3568 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:19:13.0620 3568 WPCSvc - ok 16:19:13.0651 3568 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:19:13.0698 3568 WPDBusEnum - ok 16:19:13.0713 3568 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:19:13.0807 3568 ws2ifsl - ok 16:19:13.0823 3568 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 16:19:13.0869 3568 wscsvc - ok 16:19:13.0869 3568 WSearch - ok 16:19:13.0947 3568 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:19:14.0041 3568 wuauserv - ok 16:19:14.0072 3568 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:19:14.0103 3568 WudfPf - ok 16:19:14.0150 3568 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:19:14.0197 3568 WUDFRd - ok 16:19:14.0228 3568 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:19:14.0259 3568 wudfsvc - ok 16:19:14.0275 3568 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:19:14.0322 3568 WwanSvc - ok 16:19:14.0353 3568 ================ Scan global =============================== 16:19:14.0384 3568 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:19:14.0431 3568 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 16:19:14.0447 3568 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 16:19:14.0462 3568 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:19:14.0493 3568 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:19:14.0493 3568 [Global] - ok 16:19:14.0493 3568 ================ Scan MBR ================================== 16:19:14.0509 3568 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 16:19:14.0899 3568 \Device\Harddisk0\DR0 - ok 16:19:14.0899 3568 ================ Scan VBR ================================== 16:19:14.0899 3568 [ C27B706087C4EEA52DEEA50C6CD520AB ] \Device\Harddisk0\DR0\Partition1 16:19:14.0899 3568 \Device\Harddisk0\DR0\Partition1 - ok 16:19:14.0930 3568 [ 0D222F87DDE44372CE94456238C619AF ] \Device\Harddisk0\DR0\Partition2 16:19:14.0946 3568 \Device\Harddisk0\DR0\Partition2 - ok 16:19:14.0946 3568 ============================================================ 16:19:14.0946 3568 Scan finished 16:19:14.0946 3568 ============================================================ 16:19:14.0961 3288 Detected object count: 1 16:19:14.0961 3288 Actual detected object count: 1 16:19:36.0926 3288 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 16:19:36.0926 3288 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
25.03.2013, 16:51 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Fehlermeldung beim Start Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
25.03.2013, 19:35 | #11 |
| Windows Fehlermeldung beim Start das Programm hat, nachdem ich McAfee deaktiviert hatte, noch angezeigt, dass Antivirus-Software aktiviert ist. Code:
ATTFilter ComboFix 13-03-25.01 - Sara 25.03.2013 19:00:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3828.2091 [GMT 1:00] ausgeführt von:: c:\users\Sara\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\windows\SysWow64\muzapp.exe c:\windows\SysWow64\System32\MASetupCleaner.exe c:\windows\SysWow64\System32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-25 bis 2013-03-25 )))))))))))))))))))))))))))))) . . 2013-03-25 18:12 . 2013-03-25 18:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-03-25 18:12 . 2013-03-25 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-21 19:24 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-19 17:47 . 2013-03-19 17:47 -------- d-----w- c:\users\Sara\.thumbnails 2013-03-19 17:45 . 2013-03-19 17:45 -------- d-----w- c:\users\Sara\AppData\Local\fontconfig 2013-03-19 17:45 . 2013-03-20 18:25 -------- d-----w- c:\users\Sara\.gimp-2.8 2013-03-19 17:45 . 2013-03-19 17:45 -------- d-----w- c:\users\Sara\AppData\Local\gegl-0.2 2013-03-19 17:43 . 2013-03-19 17:44 -------- d-----w- c:\program files\GIMP 2 2013-03-16 19:04 . 2013-03-16 19:04 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2013-03-16 19:04 . 2013-03-16 19:05 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2013-03-14 20:19 . 2013-03-14 20:19 -------- d-----r- c:\users\Sara\AppData\Roaming\Brother 2013-03-14 20:18 . 2013-03-14 20:18 -------- d-----w- c:\programdata\Brother 2013-03-14 12:43 . 2013-03-14 12:43 -------- d-----w- c:\program files\Microsoft Silverlight 2013-03-14 12:43 . 2013-03-14 12:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-03-07 14:01 . 2013-03-07 14:01 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-07 14:01 . 2013-03-07 14:01 -------- d-----w- c:\program files (x86)\Java . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-14 12:47 . 2011-01-14 12:36 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-12 19:23 . 2012-07-27 14:45 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-12 19:23 . 2012-07-27 14:45 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-07 14:01 . 2012-08-25 06:03 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-03-07 14:01 . 2010-12-16 13:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-19 12:59 . 2010-01-06 00:04 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-02-19 12:56 . 2010-01-06 00:04 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-02-19 12:55 . 2010-12-16 13:49 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2013-02-19 12:55 . 2010-01-06 00:04 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2013-02-19 12:54 . 2010-01-06 00:04 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-02-19 12:53 . 2010-01-06 00:04 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-02-19 12:53 . 2010-01-06 00:04 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-02-19 12:52 . 2010-01-06 00:04 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2013-02-12 05:45 . 2013-03-14 05:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 05:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 05:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 05:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 05:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 05:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-05 05:53 . 2013-02-13 16:32 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-13 16:32 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 16:32 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-13 16:31 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-13 16:31 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-13 16:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-13 16:32 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-13 16:31 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-13 16:31 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-13 16:31 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-13 16:31 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-13 16:31 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-13 16:31 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}] 2011-05-11 15:36 163936 ----a-w- c:\programdata\1und1InternetExplorerAddon\BHOXML.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-12 1104824] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-11-12 968120] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544] "Spotify Web Helper"="c:\users\Sara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-05 1199576] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608] "MailCheck IE Broker"="c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2012-11-22 1423496] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840] . c:\users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-03-26 160880] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280] R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 128000] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 stus2x64;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys [2008-01-03 47872] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200] S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2013-02-19 182752] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-08-19 27760] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968] S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-12 29288] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2013-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 19:23] . 2013-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 11:26] . 2013-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 11:26] . 2013-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000138055-1634324615-3746106458-1001Core.job - c:\users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 19:17] . 2013-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1000138055-1634324615-3746106458-1001UA.job - c:\users\Sara\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 19:17] . 2013-03-25 c:\windows\Tasks\PrintProjects Communicator.job - c:\programdata\PrintProjects\Communicator.exe [2012-10-28 17:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-03 6486120] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-09-03 2120808] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-09-24 727664] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.searchnu.com/406 mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-10 - (no file) Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe Toolbar-10 - (no file) AddRemove-USB_ANT_SIUSBXP_3_1&1004&0FCF - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\USB_ANT_SIUSBXP_3_1&1004&0FCF . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{C424171E-592A-415A-9EB1-DFD6D95D3530}"=hex:51,66,7a,6c,4c,1d,38,12,70,14,37, c0,18,17,34,04,e1,a7,9c,96,dc,03,71,24 "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8, 0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70 "{17166733-40EA-4432-A85C-AE672FF0E236}"=hex:51,66,7a,6c,4c,1d,38,12,5d,64,05, 13,d8,0e,5c,01,d7,4a,ed,27,2a,ae,a6,22 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1, 79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77, b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{BF42D4A8-016E-4FCD-B1EB-837659FD77C6}"=hex:51,66,7a,6c,4c,1d,38,12,c6,d7,51, bb,5c,4f,a3,0a,ce,fd,c0,36,5c,a3,33,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:41,24,b9,dc,74,d1,cc,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-25 19:33:59 ComboFix-quarantined-files.txt 2013-03-25 18:33 . Vor Suchlauf: 13 Verzeichnis(se), 357.356.060.672 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 357.396.791.296 Bytes frei . - - End Of File - - 8A023B6727B7B978753742261626E2EF |
25.03.2013, 20:44 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Fehlermeldung beim Start JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
25.03.2013, 21:17 | #13 |
| Windows Fehlermeldung beim StartCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.3 (03.23.2013:1) OS: Windows 7 Home Premium x64 Ran by Sara on 25.03.2013 at 20:51:02,15 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1000138055-1634324615-3746106458-1001\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1000138055-1634324615-3746106458-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\datamngr Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar Successfully deleted: [Registry Key] hkey_current_user\software\ilivid Successfully deleted: [Registry Key] hkey_current_user\software\ilividtoolbarguid Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\ilividtoolbarguid Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\browserconnection.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\clsid\{ce4db5a3-58e6-41f1-8761-47238df4f468} Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ilividiehelper.dnsguard Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ilividiehelper.dnsguard.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\typelib\{75e8da27-44af-40ae-927c-f2eec99d65b1} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividmediabar_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividmediabar_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\ilividsrtb Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\uninstall\ilividtoolbarguid Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406} ~~~ Files Successfully deleted: [File] "C:\Users\Sara\AppData\Roaming\microsoft\windows\start menu\programs\ilivid.lnk" Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\browser manager" Successfully deleted: [Folder] "C:\Users\Sara\AppData\Roaming\dvdvideosoftiehelpers" Failed to delete: [Folder] "C:\Users\Sara\appdata\local\ilivid" Successfully deleted: [Folder] "C:\Users\Sara\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Users\Sara\appdata\locallow\ilividtoolbarguid" Successfully deleted: [Folder] "C:\Users\Sara\appdata\locallow\searchresultstb" Successfully deleted: [Folder] "C:\Program Files (x86)\search results toolbar" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.03.2013 at 20:59:27,35 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.115 - Datei am 25/03/2013 um 21:00:30 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Sara - SARA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Sara\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\Sara\AppData\Local\Ilivid Ordner Gelöscht : C:\Users\Sara\AppData\Local\PackageAware ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN DTX Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v25.0.1364.172 Datei : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.17] : homepage = "hxxp://www.searchnu.com/406", Gelöscht [l.21] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ] Gelöscht [l.61] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=484&systemid=406&apn_dtid[...] Gelöscht [l.1729] : homepage = "hxxp://www.searchnu.com/406", Gelöscht [l.2217] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ] -\\ Opera v12.14.1738.0 Datei : C:\Users\Sara\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [2465 octets] - [25/03/2013 21:00:30] ########## EOF - C:\AdwCleaner[S1].txt - [2525 octets] ########## Code:
ATTFilter OTL logfile created on: 25.03.2013 21:04:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sara\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 62,82% Memory free 7,48 Gb Paging File | 5,91 Gb Available in Paging File | 79,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 335,61 Gb Free Space | 74,40% Space Free | Partition Type: NTFS Computer Name: SARA-PC | User Name: Sara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sara\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\Opera.exe (Opera Software) PRC - C:\Users\Sara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll () MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll () MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (McODS) -- C:\Programme\mcafee\virusscan\mcods.exe (McAfee, Inc.) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (stus2x64) -- C:\Windows\SysNative\drivers\stusb2ir.sys () DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{0FAB72D4-C4C3-42E2-8EB8-CD082777341E}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{7606506C-A72E-4E04-A35F-FDE2D9508D1D}: "URL" = hxxp://go.gmx.net/suchbox/ie_amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{8309B5CB-BC6A-4469-AB54-F6FEC7365F95}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{A563A16F-3330-4365-ACEC-D948FED35A25}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\SearchScopes\{F59B66D6-53F5-4065-BABB-CFAEC28B1326}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms} IE - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.14 09:03:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.01.05 15:57:59 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sara\appdata\local\google\chrome\application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Sara\appdata\local\google\chrome\application\24.0.1312.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sara\appdata\local\google\chrome\application\24.0.1312.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Azov Sea Theme = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\edlbggommlbjkfcfpclbcffgfkmkmega\1.0.2_0\ CHR - Extension: SiteAdvisor = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\ CHR - Extension: Google Mail = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.03.25 19:12:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3:64bit: - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001..\Run: [Spotify Web Helper] C:\Users\Sara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-1000138055-1634324615-3746106458-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngw.rz.uni-landau.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F16D9FE5-A289-411B-9092-8CBF23999496}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.25 21:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.03.25 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{4ED9818D-CF9B-425A-B2C5-4C06C13286E4} [2013.03.25 20:54:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.25 20:51:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.25 20:50:29 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.25 20:47:25 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Sara\Desktop\JRT.exe [2013.03.25 20:46:21 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{24E7F50E-D239-4A94-9F7B-6771D55C2BE6} [2013.03.25 20:31:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{6EF8DC07-AC4C-448D-B1B0-979D2A505961} [2013.03.25 19:34:20 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.25 18:58:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.25 18:58:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.25 18:58:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.25 18:54:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.25 18:54:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.25 18:53:20 | 005,044,493 | R--- | C] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe [2013.03.25 16:17:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe [2013.03.25 08:29:05 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{A047A5C5-1D03-4B33-B0EA-856ED333DB2E} [2013.03.24 19:01:16 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe [2013.03.24 18:45:06 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{39C9A3AC-92C8-4996-B272-39CF0D6673FD} [2013.03.23 15:02:02 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\mbar-1.01.0.1021 [2013.03.23 14:40:56 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{41D86167-CBEA-4BC2-A17D-B2D96BA5181E} [2013.03.22 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{B08C3250-DE7B-4CD6-AB1E-99B48381F54D} [2013.03.22 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{CB3EC655-C240-4F45-AD6A-34DC9C975BA5} [2013.03.22 19:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 20:24:07 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.21 17:24:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe [2013.03.21 17:16:54 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{14CA20AB-C3FC-4BB4-8DDF-692700890D44} [2013.03.20 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{A3097381-780D-4D19-820E-7E8ED45AB86B} [2013.03.19 18:47:20 | 000,000,000 | ---D | C] -- C:\Users\Sara\.thumbnails [2013.03.19 18:45:38 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\fontconfig [2013.03.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\gegl-0.2 [2013.03.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Users\Sara\.gimp-2.8 [2013.03.19 18:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.03.19 17:31:18 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{788A28F4-19C7-49BC-A729-5EE1943B758D} [2013.03.19 14:22:24 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{1938E1DD-0DFC-4FF2-A334-ADED4DDD3034} [2013.03.19 12:51:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.03.18 20:36:46 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{057D4799-50DC-46E3-B9C1-93454596CE49} [2013.03.18 18:18:30 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{08719F14-440F-4AD6-A7BA-8468630C9879} [2013.03.17 13:59:23 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{7AA03E13-25D5-40E6-8B0C-54D96CA770A1} [2013.03.17 11:40:45 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{F15061FC-2A6B-4422-8978-B36754B9D505} [2013.03.16 20:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.16 20:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.03.16 16:16:05 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{6B4DF617-F1DD-4670-8D9E-55B5C63E7AB1} [2013.03.16 15:08:02 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{0090C1B9-C41F-41A6-911E-41EC1D0A512B} [2013.03.14 21:19:50 | 000,000,000 | R--D | C] -- C:\Users\Sara\AppData\Roaming\Brother [2013.03.14 21:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013.03.14 14:42:30 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{784BB893-5C17-4FB9-8600-C63FE895DFAC} [2013.03.14 13:45:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 13:45:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 13:45:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 13:45:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 13:45:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 13:45:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 13:45:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 13:45:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 13:45:05 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 13:45:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 13:45:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 13:45:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 13:45:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 13:45:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 13:45:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.14 13:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 19:01:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{050791EC-17E2-4A3D-A7DF-7F01D9CBC757} [2013.03.13 18:38:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{61648433-5ACB-4BB0-86D5-B90E38B6DC48} [2013.03.13 18:17:43 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{8C5C8818-FD49-4F85-BDFA-5076C8F699BB} [2013.03.13 15:37:37 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{CBE4028F-FB27-4A89-90C4-3ABEADB45C62} [2013.03.12 17:15:51 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{AC4CE1CD-DC56-47FE-BB16-9CD45B7428E2} [2013.03.11 16:16:48 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{3ABDFA62-A2D3-4A4A-875A-8EAF0760ADBB} [2013.03.10 10:10:54 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{1E0C6003-ED01-4797-AB38-6ECAAA27AFD9} [2013.03.10 00:37:33 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{7618A0CA-2C69-402E-9B92-34791AB7869A} [2013.03.09 08:40:22 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{55643EAE-A480-42DD-859D-ED55CC0553E2} [2013.03.08 19:11:14 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{12A66BD9-0692-404A-B53F-3CCBFA3A43A9} [2013.03.08 06:44:07 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{908996C3-12CB-420D-A358-6C1E95076507} [2013.03.07 20:42:43 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{E159079F-6E53-45EE-8D15-815608CBBD91} [2013.03.07 19:49:35 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{0DD71785-51A5-48BD-9B22-4027DA52391A} [2013.03.07 18:20:57 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{489F9BB3-172D-4EC4-88BD-4D053C9C15F4} [2013.03.07 15:01:26 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 15:01:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 15:01:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 15:01:18 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 15:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.06 06:49:21 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{5807DA32-5E3B-4208-AAF5-A4AF16078333} [2013.03.05 18:37:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{4932D3DF-4B37-4414-9EF2-C86179C4FCF5} [2013.03.05 06:11:28 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{F5228D80-0737-4FFF-9279-C43A8E04E205} [2013.03.04 17:35:27 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{F42E5F29-22E7-4156-A287-9E3FF1B3DCBD} [2013.03.03 10:04:00 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{48C365AE-2397-47D5-9C63-9A6B46AB9544} [2013.03.03 10:01:42 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{4FC6C06A-29BB-480F-9BBA-2779CF10503E} [2013.03.02 10:23:31 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{6C2F3475-B322-4768-A760-9C709DAEE151} [2013.03.02 01:46:26 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{CB790D01-A9A1-4E72-9C73-C62206AD45C2} [2013.03.01 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{8F7FDF86-EAAE-4FE6-8ED1-3D0D160C2FD1} [2013.02.28 23:12:31 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{15ABEF76-9DCB-43E5-B7C1-F644F2014D72} [2013.02.28 18:31:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{CF7A1E32-99F7-4D92-9223-FEAB6E61F35C} [2013.02.28 10:42:24 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.28 10:42:23 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.28 10:42:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.28 10:42:23 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.28 10:42:18 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.28 10:42:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.28 10:42:15 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.28 10:42:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 10:42:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 10:42:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 10:42:15 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 10:42:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 10:42:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 10:42:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 10:42:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 10:42:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.28 10:42:14 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.28 10:42:14 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.28 10:42:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 10:42:14 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 10:42:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 10:42:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 10:42:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 10:42:13 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.28 10:42:13 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.28 10:42:13 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.28 10:42:13 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.28 10:42:13 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.28 10:42:13 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.28 10:42:13 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.28 10:42:13 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.28 10:42:13 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.28 10:42:13 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.28 10:42:13 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.28 10:42:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 10:42:13 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 10:42:12 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.28 10:42:12 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{454EC48A-657A-407B-A173-E70309299B18} [2013.02.27 15:43:17 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{39C447C8-455E-43E4-9C5F-88B4ECF22C85} [2013.02.27 06:18:58 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{7F79B42A-B562-400C-B78C-9D76A63FD641} [2013.02.26 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{528898C4-661D-4401-891B-2D7DC5D47EE0} [2013.02.25 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{917E88F1-65AE-4DA3-8488-A7C27F673ABF} [2013.02.24 23:11:41 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{245995BF-981C-4280-8A5D-A4627E72C82D} [2013.02.24 08:06:54 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Local\{88FD7D03-6038-4BD3-8BB1-85B9658F876C} ========== Files - Modified Within 30 Days ========== [2013.03.25 21:09:14 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 21:09:14 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 21:08:48 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.25 21:08:48 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.25 21:08:48 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.25 21:08:48 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.25 21:08:48 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.25 21:06:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\PrintProjects Communicator.job [2013.03.25 21:01:54 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.25 21:01:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.25 21:01:39 | 3010,695,168 | -HS- | M] () -- C:\hiberfil.sys [2013.03.25 20:49:10 | 000,609,993 | ---- | M] () -- C:\Users\Sara\Desktop\adwcleaner.exe [2013.03.25 20:47:26 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Sara\Desktop\JRT.exe [2013.03.25 20:30:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.25 20:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.25 20:16:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000138055-1634324615-3746106458-1001UA.job [2013.03.25 19:16:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1000138055-1634324615-3746106458-1001Core.job [2013.03.25 19:12:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.25 18:53:54 | 005,044,493 | R--- | M] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe [2013.03.25 16:17:08 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sara\Desktop\tdsskiller.exe [2013.03.25 16:16:34 | 000,000,512 | ---- | M] () -- C:\Users\Sara\Desktop\MBR.dat [2013.03.25 12:09:40 | 516,052,134 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.24 19:01:16 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe [2013.03.23 15:00:57 | 013,786,977 | ---- | M] () -- C:\Users\Sara\Desktop\mbar-1.01.0.1021.zip [2013.03.21 17:24:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe [2013.03.20 19:25:22 | 000,002,193 | ---- | M] () -- C:\Users\Sara\AppData\Local\recently-used.xbel [2013.03.16 20:05:06 | 000,001,404 | ---- | M] () -- C:\Users\Sara\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.16 16:18:00 | 000,002,366 | ---- | M] () -- C:\Users\Sara\Desktop\Google Chrome.lnk [2013.03.12 20:23:36 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 20:23:36 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.07 15:01:14 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.07 15:01:14 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.07 15:01:14 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 15:01:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 15:01:14 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 15:01:14 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll ========== Files Created - No Company Name ========== [2013.03.25 20:49:05 | 000,609,993 | ---- | C] () -- C:\Users\Sara\Desktop\adwcleaner.exe [2013.03.25 18:58:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.25 18:58:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.25 18:58:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.25 18:58:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.25 18:58:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.25 16:16:34 | 000,000,512 | ---- | C] () -- C:\Users\Sara\Desktop\MBR.dat [2013.03.23 15:00:43 | 013,786,977 | ---- | C] () -- C:\Users\Sara\Desktop\mbar-1.01.0.1021.zip [2013.03.20 19:25:22 | 000,002,193 | ---- | C] () -- C:\Users\Sara\AppData\Local\recently-used.xbel [2013.03.19 18:44:37 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.03.16 20:05:06 | 000,001,404 | ---- | C] () -- C:\Users\Sara\Desktop\Free YouTube to MP3 Converter.lnk [2012.09.21 19:10:48 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.18 12:33:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2012.04.18 12:33:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2012.02.17 14:53:47 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.09.14 09:14:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.25 20:13:34 | 000,000,046 | ---- | C] () -- C:\Users\Sara\AppData\Roaming\FactoryInstaller.xml [2011.01.01 22:22:50 | 000,012,288 | ---- | C] () -- C:\Users\Sara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 376 bytes -> C:\ProgramData\TEMP:898C038B < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.03.2013 21:04:15 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sara\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,74 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 62,82% Memory free 7,48 Gb Paging File | 5,91 Gb Available in Paging File | 79,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 335,61 Gb Free Space | 74,40% Space Free | Partition Type: NTFS Computer Name: SARA-PC | User Name: Sara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PHOTO PORST] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\PHOTO PORST.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PHOTO PORST] -- "C:\Program Files (x86)\CEWE COLOR\PHOTO PORST\PHOTO PORST.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06D35904-D4ED-4564-BB9C-CF318E4B3243}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{16E7AC35-16B8-404E-A15D-AEA6E52EE2EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19DE51F6-520D-4A64-B57E-2B2B85E552C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{3C836DAE-02F8-40CC-8D1F-765D33D8C897}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{5F3A4BC8-B948-4E33-82B5-3295AC8A5E3E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{7D128F5F-D454-4C8A-B35A-78A07AFDA2EF}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{8C273FDC-AFF6-44E3-BC1A-BA2F0EBDEEBD}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{ACFB9A1B-6D83-462F-8640-69F9AA008988}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E28190FE-E956-4C4F-B194-8C8D82980171}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02BBE23B-AA65-4362-A85A-C6E8D8D290E9}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{03D461B0-F561-43CC-86AA-296A45181052}" = protocol=6 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\updater\tacxupdate.exe | "{0AE65EF5-1EE2-41EF-9004-16F7C8DFE96E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{14E11E0D-B8A6-45F1-8549-9327A03F4696}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{1C8829C5-656D-42AF-AC0A-D28A51B9E1B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2266FC5C-2A1F-42AE-A84B-AFF3F8CA588F}" = protocol=17 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\tools\fortiusvirtualreality\fortiusvirtualreality.exe | "{23693DF8-2479-4F8E-BC28-22AD26EFCCF8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{272C739A-BABE-4F2A-9C80-A58C33D1C3F4}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{277EB699-9EBA-4943-B3DD-5A339CD33779}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{2BA52BB3-2A07-46F3-9443-0D443549241E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{32934696-829E-4DEE-B7DF-AAAA8C2F1946}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{34702D3F-1715-4CF5-BE30-C37FD0869CCB}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{36013261-0C23-4F6F-BCC5-B9CE1B4A6ACD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3A3885E3-0256-4D27-8118-D47E7533FEF6}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{3EF84D4F-F7D8-4C5D-BB8F-21DC82177301}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{429C32B7-EEA0-4297-A58D-F54A63BF4241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{42F6BE1E-A755-423A-ADD9-824D066F89CE}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{4513BF0F-58F2-41B9-AB44-FF4EA696ABF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{4A6B4280-4588-43F4-BA63-A7FC16C3F491}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{4C0E7999-4BDC-40DF-91DA-42127E84ABC1}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{4F65BFCF-4BA6-4C60-BB54-E0ECC0E03A64}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{4F84FA8B-E17D-4B4C-B1A7-505FF91D852A}" = protocol=6 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\trainersoftware.exe | "{543F6FCE-933F-4DCE-8585-FB10E610E041}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5AF2798B-0B65-4EF8-9D98-85CBB6E21AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\updater\tacxupdate.exe | "{5CC0C036-DA12-4CA5-B991-17297D1BCB51}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{65FD9F9D-7A3E-4129-99C9-8310481F4541}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{6C883459-0B65-442D-B588-AAFDBFED09F7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{6D1C1D66-00DD-44B4-A725-188E06EBEBE2}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{722FB6F4-75CD-4189-8864-9F93625605FD}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{7B5723F0-B0C1-4598-BC99-C8D8433C688B}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{7D06989A-E106-4D10-9EEA-D3DA570AD501}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{7FEDA198-3552-45AB-877D-DA1E471452DD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{8833CF51-4ACD-435C-9515-64639215E18E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{884611A4-923F-4AB7-A56F-9B98F9156E40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8AB34510-058A-4D9E-8A31-1992F0385AD3}" = protocol=17 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\trainersoftware.exe | "{8F66B152-DCE4-45AC-80C0-16BB595047A9}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{96DB2B4E-45FB-4597-82D6-AA0E436A2AD3}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{A360B50B-E9AD-4F02-AC47-9A8A6D1E9CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{AB1B97AA-CAC5-464B-A5F5-0D2613BB3DC1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{B32F92D8-D35B-4605-99AA-F3210E8A6ACE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B5A888DE-62E9-4900-87B7-023E1C691742}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{B617897E-9730-4B56-A8B6-B378CCD75B4D}" = protocol=6 | dir=in | app=c:\program files (x86)\tacx\tacxtrainersoftware3\tools\fortiusvirtualreality\fortiusvirtualreality.exe | "{C47821E1-5B13-441D-9991-E5D5FFB4088F}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{C905FB3C-ACB3-48DC-A5E9-09B80A966F11}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{C9589F9E-C7C9-4FF1-B00A-4D69BE14033A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C9787D46-3F27-4BE8-8036-BD3EEAF65158}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{CDF91C5E-6421-4E86-A7E0-7E1868728BED}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{D024DA84-8F25-4F27-A87E-B8CA5AE25DF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D41E25C6-FE6E-4452-BDC6-AB37BE7E4316}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{D4CBFE10-B14D-41FE-B8E7-241602C18429}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{E195A821-B3C4-4484-89C4-3A318D51D630}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ECF3A44A-FDE9-4B39-B4C5-12DA71D13B7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EF802186-DA9C-48A5-A8A5-4AC967EF9172}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{F2BC0641-1F5F-4FEB-A72C-608E5C31554C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{F8C3BB83-D506-4A0B-BE06-EA5B069A3C30}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{FB331818-16DD-4326-B40F-85B676E2F05A}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | "{FFDF9A95-8EDD-4739-A07D-A1A248A30B58}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi-Software "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2BB67A89-56A3-4CEA-9D5B-B68F5C4D8682}" = Internet Explorer 8 GMX Edition "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD671B1-4FAD-43A1-9EC2-42301DFF3D3C}" = The Grossglockner 2008 - Austria "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{8B5D5C58-A053-4832-949A-53933682588D}" = Mallorca Tour I - Spain "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{98C25937-BE36-D16A-F0F6-C66F6173CFA6}" = Saal Design Software "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F35B473D-FC7C-4F29-8B4F-223B06369F0F}" = Tacx Trainer software 3 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = GMX MailCheck für Internet Explorer "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Dell Dock" = Dell Dock "Dell Webcam Central" = Dell Webcam Central "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Internet Explorer 8 GMX Edition" = Internet Explorer 8 GMX Edition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "MSC" = McAfee SecurityCenter "NVIDIA.Updatus" = NVIDIA Updatus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Opera 12.14.1738" = Opera 12.14 "PHOTO PORST" = PHOTO PORST "PrintProjects" = PrintProjects "SaalDesignSoftware" = Saal Design Software "TeamViewer 7" = TeamViewer 7 "USB_ANT_SIUSBXP_3_1&1004&0FCF" = USB ANT Stick Silicon Laboratories USBXpress Device (Driver Removal) "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1000138055-1634324615-3746106458-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "MyFreeCodec" = MyFreeCodec "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Cisco AnyConnect Secure Mobility Client Events ] Error - 25.03.2013 16:00:36 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 404 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31588341 (0xFE1E000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 25.03.2013 16:01:52 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182 Invoked Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description: WINDOWS_ERROR_CODE Error - 25.03.2013 16:01:52 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp Line: 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 25.03.2013 16:01:57 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 25.03.2013 16:02:23 | Computer Name = Sara-PC | Source = acvpnui | ID = 67108866 Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>. Error - 25.03.2013 16:02:24 | Computer Name = Sara-PC | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 25.03.2013 16:02:24 | Computer Name = Sara-PC | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1336 NULL object. Cannot establish a connection at this time. Error - 25.03.2013 16:06:52 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 25.03.2013 16:06:52 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 25.03.2013 16:06:52 | Computer Name = Sara-PC | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ Dell Events ] Error - 23.03.2011 10:34:53 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.04.2011 15:12:30 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.04.2011 15:12:30 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 29.04.2011 09:49:03 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 29.04.2011 09:49:03 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 27.06.2011 07:10:20 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 27.06.2011 07:10:20 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.07.2011 08:24:55 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 12.07.2011 08:24:55 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 28.07.2011 14:41:16 | Computer Name = Sara-PC | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ System Events ] Error - 25.03.2013 16:04:09 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 25.03.2013 16:04:09 | Computer Name = Sara-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
25.03.2013, 23:04 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Fehlermeldung beim Start Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
27.03.2013, 21:27 | #15 |
| Windows Fehlermeldung beim Start Malwarebytes hat nichts gefunden. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=c9c90c92be47294aa9849a670a46c666 # engine=13497 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-03-27 06:15:52 # local_time=2013-03-27 07:15:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5122 16777213 100 88 1642083 113190748 0 0 # compatibility_mode=5893 16776574 100 94 55657874 116038002 0 0 # scanned=219068 # found=0 # cleaned=0 # scan_time=8090 |
Themen zu Windows Fehlermeldung beim Start |
anzeige, betriebssystem, bildschirm, blauer, blauer bildschirm, computer, fehler, fehlercode, fehlercode 0x4, fehlermeldung, fertig, gestartet, hallo zusammen, jahre, kaputt, lange, laptop, neue, problem, probleme, sekunden, start, starten, unbekannter, windows, zusammen |