| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Dropper.gen gefunden, wie entferne ich diesen TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.04.2013, 17:27
| #1 |
 |  TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Hallo, ich habe bei mir bei einem Routinescan den Trojaner TR/Dropper.gen gefunden. Ist der gefährlich und wie kann ich ihn entfernen? Ich habe ihn jetzt erst einmal in Quarantäne gepackt. Bitte helft mir. Vielen Dank Vielen Dank Tobias |
|
28.04.2013, 19:40
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
29.04.2013, 15:56
| #3 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Nein, bis auf das wurde nix gefunden. Hab den Malwarebytes grade runtergeladen, aber keinen Scan gemacht. Hab ansonsten nur den Avira.
__________________Code:
ATTFilter Exportierte Ereignisse:
28.04.2013 18:25 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Tobias\AppData\Roaming\Ogmyx\ditit.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei existiert nicht!
31.03.2013 04:43 [Updater] Update nicht ausgeführt
Das Update von Computer LAPTOP (127.0.0.1) von
"hxxp://prempeak.avira-update.com/update" ist fehlgeschlagen.
Während des Herunterladens ist ein Fehler aufgetreten.
Es wurden keine neuen Dateien geladen.
Viele Grüße und Danke schon mal für deine Hilfe! Tobias |
|
29.04.2013, 22:39
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.04.2013, 22:53
| #5 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Hier die Logfiles: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.04.2013 23:46:42 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobias\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 4,72 Gb Available Physical Memory | 59,92% Memory free 11,76 Gb Paging File | 7,55 Gb Available in Paging File | 64,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,01 Gb Total Space | 850,10 Gb Free Space | 92,60% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Tobias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) PRC - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe () PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\f61cb86d40d67f10a44cd46f19f68246\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\07e482b2b9035605233f2cb72408d6b1\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\a91dc79bf846144ee47efc08e17bb3e2\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\500a5dd33bb40326f8ca43e385513ec2\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\ae639f7ba0abe58167f116c6c970514d\IAStorDataMgrSvcInterfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2158f85dac5dae9e6e4ddc20342769a7\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b82511e7c8cb919ca0dc6125489e03e2\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\115fb9d1fa2cbda89742b1c2a0631396\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\cb1bedf1f9e8972aa76ad73f725b964b\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll () MOD - C:\Windows\libactivboardex.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtXml4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtGui4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtNetwork4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtCore4.dll () MOD - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe () ========== Services (SafeList) ========== SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (SftService) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (Intel(R) -- c:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\Drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\Drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated) DRV:64bit: - (DellRbtn) -- C:\Windows\SysNative\Drivers\DellRbtn.sys (OSR Open Systems Resources, Inc.) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (qca_shb) -- C:\Windows\SysNative\Drivers\qca_shb.sys (Qualcomm Atheros Communications Inc.) DRV:64bit: - (lehidmini) -- C:\Windows\SysNative\Drivers\leath_hid.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (AthDfu) -- C:\Windows\SysNative\Drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (ST_Accel) -- C:\Windows\SysNative\Drivers\ST_Accel.sys (STMicroelectronics) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\Drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (prmvmouse) -- C:\Windows\SysNative\Drivers\activmouse.sys (Promethean Technologies Ltd) DRV:64bit: - (ActivHidSerMini) -- C:\Windows\SysNative\Drivers\activhidsermini.sys (Promethean Technologies Ltd) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{ED2F4835-F194-4914-BA3A-830A7D92DA4B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{ED2F4835-F194-4914-BA3A-830A7D92DA4B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes,DefaultScope = {0F0A6FAC-CB9E-45E5-A9FA-44266D885144} IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{0F0A6FAC-CB9E-45E5-A9FA-44266D885144}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{78235E1E-A95E-4AE3-8189-1E3516193257}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{7D68CED7-68F1-4AAC-BB6C-9203C21E07E8}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{A82772B2-62A0-4908-91F0-CCF979E0C903}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{CB8AFD95-9DFC-482B-A59D-DCEDBA8F7573}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{D2DC595E-B89B-4CAD-AEAD-76F424DD5C05}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 15:46:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sparpilot@sparpilot.com: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\bvl1jeik.default\extensions\sparpilot@sparpilot.com FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 15:46:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.26 22:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions [2013.04.04 15:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.04 15:46:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.28 14:07:16 | 000,001,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.28 14:07:16 | 000,001,936 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.28 14:07:16 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.28 14:07:16 | 000,007,052 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.28 14:07:16 | 000,001,279 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.28 14:07:16 | 000,001,171 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ActivControl] C:\Programme\Activ Software\ActivDriver\ActivControl2x64.exe (Promethean Technologies Group Ltd) O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..Trusted Domains: dell.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BC66AB-6FA1-45E9-A489-875FE8C55750}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.29 23:45:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2013.04.29 16:50:24 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes [2013.04.29 16:50:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.29 16:48:07 | 000,000,000 | R--D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.04.25 19:11:20 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Activstudio3 [2013.04.22 19:47:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Identities [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Ogmyx [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Noiw [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Bykat [2013.04.15 20:04:07 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC [2013.04.15 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC Sync [2013.04.15 20:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2013.04.15 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\HTC MediaHub [2013.04.15 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\HTC [2013.04.15 20:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2013.04.15 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.04.15 20:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2013.04.15 20:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2013.04.15 20:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2013.04.15 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Downloaded Installations [2013.04.14 18:35:29 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013.04.14 18:35:26 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.04.14 18:35:25 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.04.14 18:35:25 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.04.14 18:35:23 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013.04.14 18:35:23 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013.04.14 18:35:22 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.14 18:35:22 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013.04.14 18:35:22 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013.04.14 18:35:22 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013.04.14 18:35:22 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013.04.14 18:35:21 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013.04.14 18:35:20 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013.04.14 18:35:20 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013.04.14 18:35:19 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.14 18:35:19 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.04.14 18:35:19 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.04.14 18:35:19 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013.04.14 18:35:19 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013.04.14 18:35:19 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll [2013.04.14 18:35:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013.04.14 18:35:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013.04.14 18:35:18 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013.04.14 18:35:18 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013.04.14 18:35:18 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.04.14 18:35:18 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.04.14 18:35:17 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013.04.14 18:35:16 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013.04.14 18:35:16 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013.04.14 18:35:16 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013.04.14 18:35:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.04.14 18:35:16 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013.04.14 18:35:15 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.04.14 18:35:15 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.04.14 18:35:15 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013.04.14 18:35:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.04.14 18:35:14 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.04.14 18:35:14 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013.04.14 18:35:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.04.14 18:35:13 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.04.14 18:35:13 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013.04.14 18:35:13 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.04.14 18:35:13 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013.04.14 18:35:13 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013.04.14 18:35:13 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013.04.14 18:35:13 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013.04.14 18:35:13 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013.04.14 18:35:13 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.04.14 18:35:12 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013.04.14 18:35:12 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe [2013.04.14 18:35:12 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013.04.14 18:35:12 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013.04.14 18:35:12 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.04.14 18:35:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013.04.14 18:35:11 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013.04.14 18:35:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013.04.14 18:35:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013.04.14 18:35:10 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.04.14 18:35:10 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013.04.14 18:35:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013.04.14 18:35:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013.04.14 18:35:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.04.14 18:35:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013.04.14 18:35:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.04.14 18:35:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013.04.14 18:35:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013.04.10 13:38:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 13:38:23 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.04.10 13:38:23 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 13:38:23 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 13:38:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 13:38:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.10 13:38:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.10 13:38:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.10 13:38:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.10 13:38:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.10 13:38:13 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 13:38:09 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013.04.10 13:38:09 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013.04.07 19:33:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Google [2013.04.05 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.04.05 18:45:49 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.04 19:34:41 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Alte Firefox-Daten [2013.04.04 15:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.01 16:52:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX [2013.04.01 16:52:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2013.04.01 16:52:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2013.04.01 16:52:19 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Canon [2013.04.01 16:52:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter [2013.04.01 16:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2013.04.01 16:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool [2013.04.01 16:48:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Benutzerregistrierung [2013.04.01 16:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2013.04.01 16:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.04.01 16:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.04.01 16:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2013.04.01 16:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Manual [2013.04.01 16:42:33 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.04.01 16:42:24 | 000,366,592 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNMNPPM.DLL [2013.04.01 16:42:24 | 000,359,936 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL [2013.04.01 16:42:24 | 000,039,424 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL [2013.04.01 16:42:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING [2013.04.01 16:31:08 | 000,385,024 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAT.DLL [2013.04.01 16:31:01 | 000,373,248 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATL.dll [2013.04.01 16:31:01 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_ATL.dll [2013.04.01 16:31:01 | 000,302,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATC.dll [2013.04.01 16:31:01 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_ATU.dll [2013.04.01 16:31:01 | 000,112,128 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_ATI.dll [2013.04.01 16:31:01 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll [2013.04.01 16:31:01 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll [2013.04.01 16:28:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon ========== Files - Modified Within 30 Days ========== [2013.04.29 23:45:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2013.04.29 23:26:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.29 22:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.29 17:53:08 | 000,097,615 | ---- | M] () -- C:\Users\Tobias\Desktop\Unbenannt.png [2013.04.29 17:21:56 | 000,925,933 | ---- | M] () -- C:\Users\Tobias\Desktop\IMAG1258.jpg [2013.04.29 16:50:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 18:21:18 | 000,082,947 | ---- | M] () -- C:\Users\Tobias\Desktop\Trojanermeldung.jpg [2013.04.22 19:00:16 | 000,443,274 | ---- | M] () -- C:\Users\Tobias\Desktop\FUSSBALL---CL-Bayern-vs-Barcelona_1366568735899308.jpg [2013.04.20 22:24:58 | 001,399,026 | ---- | M] () -- C:\Users\Tobias\Desktop\Chihuahua.png [2013.04.20 14:25:56 | 000,031,088 | ---- | M] () -- C:\Users\Tobias\Desktop\n_real_madrid_anti_barca-5230586.jpg [2013.04.20 11:45:00 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.20 11:45:00 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.20 11:45:00 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.20 11:45:00 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.20 11:45:00 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.17 21:29:29 | 000,371,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.17 21:29:23 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.17 21:29:19 | 2474,426,367 | -HS- | M] () -- C:\hiberfil.sys [2013.04.14 19:32:10 | 000,192,164 | ---- | M] () -- C:\Users\Tobias\Desktop\Gästebuchseite Carolina und Tobias.pdf [2013.04.08 00:15:57 | 000,114,861 | ---- | M] () -- C:\Users\Tobias\Desktop\398177_3839145107751_1687868109_n.jpg [2013.04.07 22:26:55 | 000,069,102 | ---- | M] () -- C:\Users\Tobias\Desktop\431075_3189390104282_2085569437_n.jpg [2013.04.05 19:58:32 | 000,001,173 | ---- | M] () -- C:\Users\Tobias\Desktop\Google Talk.lnk [2013.04.04 16:34:09 | 000,000,106 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.29 17:53:08 | 000,097,615 | ---- | C] () -- C:\Users\Tobias\Desktop\Unbenannt.png [2013.04.29 17:21:56 | 000,925,933 | ---- | C] () -- C:\Users\Tobias\Desktop\IMAG1258.jpg [2013.04.29 16:50:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 18:21:18 | 000,082,947 | ---- | C] () -- C:\Users\Tobias\Desktop\Trojanermeldung.jpg [2013.04.22 19:00:23 | 000,443,274 | ---- | C] () -- C:\Users\Tobias\Desktop\FUSSBALL---CL-Bayern-vs-Barcelona_1366568735899308.jpg [2013.04.20 22:24:58 | 001,399,026 | ---- | C] () -- C:\Users\Tobias\Desktop\Chihuahua.png [2013.04.20 14:28:29 | 000,031,088 | ---- | C] () -- C:\Users\Tobias\Desktop\n_real_madrid_anti_barca-5230586.jpg [2013.04.14 19:32:09 | 000,192,164 | ---- | C] () -- C:\Users\Tobias\Desktop\Gästebuchseite Carolina und Tobias.pdf [2013.04.14 18:35:10 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.04.13 00:12:41 | 000,371,240 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 00:16:08 | 000,114,861 | ---- | C] () -- C:\Users\Tobias\Desktop\398177_3839145107751_1687868109_n.jpg [2013.04.07 22:27:06 | 000,069,102 | ---- | C] () -- C:\Users\Tobias\Desktop\431075_3189390104282_2085569437_n.jpg [2013.04.05 19:58:32 | 000,001,173 | ---- | C] () -- C:\Users\Tobias\Desktop\Google Talk.lnk [2013.04.04 16:34:07 | 000,000,106 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.01 16:31:01 | 000,068,096 | ---- | C] () -- C:\Windows\SysWow64\CNC1754D.TBL [2013.03.28 14:07:16 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.18 18:50:06 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll [2013.02.18 18:50:06 | 000,011,362 | ---- | C] () -- C:\Windows\SysWow64\mingwm10.dll [2012.12.31 15:29:23 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.12.31 15:29:20 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.31 15:29:19 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.31 14:52:09 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.11.27 05:11:06 | 001,774,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 21:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012.12.26 22:38:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > und hier der zweite: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.04.2013 23:46:42 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobias\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 4,72 Gb Available Physical Memory | 59,92% Memory free
11,76 Gb Paging File | 7,55 Gb Available in Paging File | 64,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,01 Gb Total Space | 850,10 Gb Free Space | 92,60% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{169CAB87-E026-4F2C-B521-24C8D336E1C7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D8ADC7AD-1673-420C-B849-D6EC445F6055}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093E8F08-2E6E-4885-8584-3B574D8B3014}" = dir=out | name=windows_ie_ac_001 |
"{1D66BB35-F213-4AB4-92DE-9800E07DB38B}" = dir=out | name=canon inkjet print utility |
"{202E985E-2AE5-4329-89BA-BB52548192B8}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{33A8FB75-7635-4C4E-B9B5-159B9AAF0D9D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{382355C1-0610-4D20-BE49-EAE25CF7484D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{3A47C8C4-A8AE-4738-9018-66FFA36A36A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4A06B972-F17F-4646-90AB-4D6C3E3C7B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CF6F3D4-146E-4EA8-B5C8-FBA221CC9553}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{5C80BA88-709D-4026-B251-5D7BCFB94654}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{64A94188-76F4-404E-B6E9-3FEB3E4FA1AB}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{69C3B709-2AAD-4346-81D3-903501B35D80}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{69CC585C-D68C-4A9E-BC64-8D14EDE375F9}" = dir=out | name=amazon |
"{6AFB6C12-56A3-4ED1-A7DB-DD9968C26CE6}" = dir=out | name=@{microsoft.bingfinance_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{70E63936-51B0-4F68-A3D2-8B8AFE47DED0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"{74854249-942E-4FC4-BB58-0262615CCDBC}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{840FF1FA-6B16-4509-A19F-7F8032F01ED4}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{84F679BB-7DB8-45F3-92E9-AAE3916458C2}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{8A71BD71-3D61-4CED-AB8F-E8D67428D7DA}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8D71ABE7-AD8F-4CC1-8AF4-8BB9204502C8}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{8F11F125-8B65-4076-ADA3-5EE43FC8D99A}" = dir=out | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |
"{8FD4F029-0442-4BEA-B9CF-9D9007469D10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9578106C-9EE7-4E22-8D7B-1D66963E8FAC}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{9A2DFF45-46BB-443B-A221-B8C2B2DE48DB}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{9C35E53B-E5AE-41FA-9A68-6ADADAA4014C}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{9FA0D4F5-CAFC-4C60-8EE7-B4F7E62CB9BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0C2FAB4-38FF-453A-9457-ED4040AC5944}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B2EDEDF0-942A-4976-A771-BA1D22D19830}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B40576A6-86A7-4B08-BD96-A795BB27192E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B588D2B8-787A-4CC6-B567-B284343925E9}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\win7ui.exe |
"{B939E87F-2EDD-480B-84F1-2A658EBBCB4A}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B94E98C3-D6D6-47F6-A502-40BA20CBE7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{BDC33094-F55F-4333-93A5-3F769409A18F}" = dir=in | app=c:\program files\intel\ccdashboard\bin\ccdashserver.exe |
"{BE8538ED-00C8-4F6D-BF5D-7FEB55F9B937}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{C0A4A7FA-F85E-405A-989D-366ECEADEB09}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CEE74EB8-8225-4038-AB9C-99BC3344ABC6}" = dir=out | app=c:\program files\intel\ccdashboard\bin\ccdashserver.exe |
"{D101E1A4-B34A-4DDF-A875-491E193BDF84}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D43B6251-F391-4899-9EA6-036C8083A7AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E05484E0-9983-47C0-B27F-4147A644FFB9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{E2245222-A5AB-47C0-BFBA-C2BA2265F1F1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E3CB73E9-B2F6-43C9-9F57-6392BBF94AA1}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB54801A-400F-4D1A-BA33-778B9DD0D8AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EEFDD00C-02ED-4E23-8C46-D424D988AA5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F424B582-9FED-49DF-BB10-C39E978220C9}" = dir=out | name=kindle |
"{F47D1D7D-F5D6-43DB-BDFF-D4C4815BAB52}" = dir=in | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |
"{F52F537B-CA7E-4F52-A203-A2BE208C500E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{F705904D-67B5-4AA5-9C15-C7E6A8750214}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FBCA0647-7264-41E0-8D2B-2BEBFB32B969}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FE5C2605-0D77-48D1-8F20-C3EE0DA7A766}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"TCP Query User{1E67DBD2-E7D3-4DA9-B158-DCE2187EEF1E}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"TCP Query User{22D85C89-0A9E-47B8-80CD-A3126271BB3B}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"TCP Query User{6140E125-D43F-4B0C-9AE7-DBB687CED61C}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{57657133-390A-434E-8DA0-917B7BDE6D23}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{5A8DF095-4AB5-479E-A83C-E5739253C3D0}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"UDP Query User{CF65841C-15AD-4F88-9F0F-64BA837E372E}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E741267-F54B-4b3a-A7B6-1D1A156E385E}" = Intel(R) My WiFi Dashboard
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C0DF4742-0002-4D89-A8DE-899F5786F38B}" = ActivDriver x64 v5.5
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"PC-Doctor for Windows" = Dell Support Center
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{20F2FB2A-1FE4-4A40-96E8-87402B490E12}" = ActivInspire Help (DEU) v1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2730415C-DEAE-4C1A-B81E-B74778D2BF81}" = Garmin Update Service
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28061CAB-657B-44C8-BBA9-DFC463D617B7}" = Activstudio Ressourcen (DEU) v3.5.1
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2E761107-F629-425A-B323-27622F813EC4}" = Activstudio Dokumente (DEU) v3.7.1
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6c14a7ec-7ed6-47f1-bb64-afc001a60a24}" = Garmin Express
"{6EA9DEAF-B633-44B8-89F6-2EF0C4944A19}" = ActivInspire v1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{782E1916-7A78-47F7-9AF3-2233B83026F2}" = ActivInspire HWR Resources (INT) v1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{929B1254-D7F9-403A-8234-EE348E448820}" = Activstudio Professional Edition v3.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B543A7E3-943D-4E9B-9222-D7B04447E64D}" = Elevated Installer
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9EF7417-8625-483D-A2D3-687C2EF83138}" = Garmin Express
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56F50A2-451B-47A6-9542-1225DAFA1831}" = Garmin Express Tray
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F98C1A22-FD23-43DB-837D-54DBED3709DC}" = Activstudio Hilfe (DEU) v3.6.1
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"GeoGebra 4.2" = GeoGebra 4.2
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SopCast" = SopCast 3.2.9
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2013 13:14:42 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e20fef8-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:42 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e3d8c7f-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e675e08-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e83b168-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9ea15647-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9ebe38a7-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9edb3b84-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:44 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9ef7858c-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:44 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9f143e64-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:44 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9f30a4d9-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
[ System Events ]
Error - 20.04.2013 05:28:48 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:29:18 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:29:48 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:30:18 | Computer Name = Laptop | Source = Service Control Manager | ID = 7046
Description = Vom folgenden Dienst wurde wiederholt nicht auf Dienststeuerungsanforderungen
reagiert: SoftThinks Agent Service Erkundigen Sie sich beim Diensthersteller oder
beim Systemadministrator danach, ob der Dienst deaktiviert werden sollte, bis das
Problem gefunden wurde. Der Computer muss unter Umständen im abgesicherten Modus
gestartet werden, um den Dienst deaktivieren zu können.
Error - 20.04.2013 05:32:25 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:33:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:34:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:34:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:35:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:35:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
|
|
29.04.2013, 22:55
| #6 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner und hier der zweite: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.04.2013 23:46:42 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobias\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 4,72 Gb Available Physical Memory | 59,92% Memory free
11,76 Gb Paging File | 7,55 Gb Available in Paging File | 64,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,01 Gb Total Space | 850,10 Gb Free Space | 92,60% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{169CAB87-E026-4F2C-B521-24C8D336E1C7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D8ADC7AD-1673-420C-B849-D6EC445F6055}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093E8F08-2E6E-4885-8584-3B574D8B3014}" = dir=out | name=windows_ie_ac_001 |
"{1D66BB35-F213-4AB4-92DE-9800E07DB38B}" = dir=out | name=canon inkjet print utility |
"{202E985E-2AE5-4329-89BA-BB52548192B8}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{33A8FB75-7635-4C4E-B9B5-159B9AAF0D9D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{382355C1-0610-4D20-BE49-EAE25CF7484D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{3A47C8C4-A8AE-4738-9018-66FFA36A36A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4A06B972-F17F-4646-90AB-4D6C3E3C7B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CF6F3D4-146E-4EA8-B5C8-FBA221CC9553}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{5C80BA88-709D-4026-B251-5D7BCFB94654}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{64A94188-76F4-404E-B6E9-3FEB3E4FA1AB}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{69C3B709-2AAD-4346-81D3-903501B35D80}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{69CC585C-D68C-4A9E-BC64-8D14EDE375F9}" = dir=out | name=amazon |
"{6AFB6C12-56A3-4ED1-A7DB-DD9968C26CE6}" = dir=out | name=@{microsoft.bingfinance_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{70E63936-51B0-4F68-A3D2-8B8AFE47DED0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"{74854249-942E-4FC4-BB58-0262615CCDBC}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{840FF1FA-6B16-4509-A19F-7F8032F01ED4}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{84F679BB-7DB8-45F3-92E9-AAE3916458C2}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{8A71BD71-3D61-4CED-AB8F-E8D67428D7DA}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8D71ABE7-AD8F-4CC1-8AF4-8BB9204502C8}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{8F11F125-8B65-4076-ADA3-5EE43FC8D99A}" = dir=out | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |
"{8FD4F029-0442-4BEA-B9CF-9D9007469D10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9578106C-9EE7-4E22-8D7B-1D66963E8FAC}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{9A2DFF45-46BB-443B-A221-B8C2B2DE48DB}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{9C35E53B-E5AE-41FA-9A68-6ADADAA4014C}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{9FA0D4F5-CAFC-4C60-8EE7-B4F7E62CB9BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0C2FAB4-38FF-453A-9457-ED4040AC5944}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B2EDEDF0-942A-4976-A771-BA1D22D19830}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B40576A6-86A7-4B08-BD96-A795BB27192E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B588D2B8-787A-4CC6-B567-B284343925E9}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\win7ui.exe |
"{B939E87F-2EDD-480B-84F1-2A658EBBCB4A}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B94E98C3-D6D6-47F6-A502-40BA20CBE7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{BDC33094-F55F-4333-93A5-3F769409A18F}" = dir=in | app=c:\program files\intel\ccdashboard\bin\ccdashserver.exe |
"{BE8538ED-00C8-4F6D-BF5D-7FEB55F9B937}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{C0A4A7FA-F85E-405A-989D-366ECEADEB09}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CEE74EB8-8225-4038-AB9C-99BC3344ABC6}" = dir=out | app=c:\program files\intel\ccdashboard\bin\ccdashserver.exe |
"{D101E1A4-B34A-4DDF-A875-491E193BDF84}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D43B6251-F391-4899-9EA6-036C8083A7AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E05484E0-9983-47C0-B27F-4147A644FFB9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{E2245222-A5AB-47C0-BFBA-C2BA2265F1F1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E3CB73E9-B2F6-43C9-9F57-6392BBF94AA1}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB54801A-400F-4D1A-BA33-778B9DD0D8AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EEFDD00C-02ED-4E23-8C46-D424D988AA5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F424B582-9FED-49DF-BB10-C39E978220C9}" = dir=out | name=kindle |
"{F47D1D7D-F5D6-43DB-BDFF-D4C4815BAB52}" = dir=in | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |
"{F52F537B-CA7E-4F52-A203-A2BE208C500E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{F705904D-67B5-4AA5-9C15-C7E6A8750214}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FBCA0647-7264-41E0-8D2B-2BEBFB32B969}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FE5C2605-0D77-48D1-8F20-C3EE0DA7A766}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"TCP Query User{1E67DBD2-E7D3-4DA9-B158-DCE2187EEF1E}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"TCP Query User{22D85C89-0A9E-47B8-80CD-A3126271BB3B}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"TCP Query User{6140E125-D43F-4B0C-9AE7-DBB687CED61C}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{57657133-390A-434E-8DA0-917B7BDE6D23}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{5A8DF095-4AB5-479E-A83C-E5739253C3D0}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"UDP Query User{CF65841C-15AD-4F88-9F0F-64BA837E372E}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E741267-F54B-4b3a-A7B6-1D1A156E385E}" = Intel(R) My WiFi Dashboard
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C0DF4742-0002-4D89-A8DE-899F5786F38B}" = ActivDriver x64 v5.5
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"PC-Doctor for Windows" = Dell Support Center
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{20F2FB2A-1FE4-4A40-96E8-87402B490E12}" = ActivInspire Help (DEU) v1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2730415C-DEAE-4C1A-B81E-B74778D2BF81}" = Garmin Update Service
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28061CAB-657B-44C8-BBA9-DFC463D617B7}" = Activstudio Ressourcen (DEU) v3.5.1
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2E761107-F629-425A-B323-27622F813EC4}" = Activstudio Dokumente (DEU) v3.7.1
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6c14a7ec-7ed6-47f1-bb64-afc001a60a24}" = Garmin Express
"{6EA9DEAF-B633-44B8-89F6-2EF0C4944A19}" = ActivInspire v1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{782E1916-7A78-47F7-9AF3-2233B83026F2}" = ActivInspire HWR Resources (INT) v1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{929B1254-D7F9-403A-8234-EE348E448820}" = Activstudio Professional Edition v3.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B543A7E3-943D-4E9B-9222-D7B04447E64D}" = Elevated Installer
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9EF7417-8625-483D-A2D3-687C2EF83138}" = Garmin Express
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56F50A2-451B-47A6-9542-1225DAFA1831}" = Garmin Express Tray
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F98C1A22-FD23-43DB-837D-54DBED3709DC}" = Activstudio Hilfe (DEU) v3.6.1
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"GeoGebra 4.2" = GeoGebra 4.2
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SopCast" = SopCast 3.2.9
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2013 13:14:42 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e20fef8-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:42 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e3d8c7f-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e675e08-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9e83b168-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9ea15647-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9ebe38a7-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:43 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9edb3b84-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:44 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9ef7858c-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:44 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9f143e64-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:44 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 9f30a4d9-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
[ System Events ]
Error - 20.04.2013 05:28:48 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:29:18 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:29:48 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:30:18 | Computer Name = Laptop | Source = Service Control Manager | ID = 7046
Description = Vom folgenden Dienst wurde wiederholt nicht auf Dienststeuerungsanforderungen
reagiert: SoftThinks Agent Service Erkundigen Sie sich beim Diensthersteller oder
beim Systemadministrator danach, ob der Dienst deaktiviert werden sollte, bis das
Problem gefunden wurde. Der Computer muss unter Umständen im abgesicherten Modus
gestartet werden, um den Dienst deaktivieren zu können.
Error - 20.04.2013 05:32:25 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:33:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:34:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:34:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:35:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 20.04.2013 05:35:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
|
|
30.04.2013, 15:27
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2013, 12:57
| #8 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Also beim Gmerscan kam am Anfang die Meldung 1 im Anhang, hab den Scan dann laufen lassen und das kam raus: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-02 13:38:56
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003e rev.A110 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Tobias\AppData\Local\Temp\uxloapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f970add8f8 7 bytes JMP 000007fa6dee0260
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f970aeb1a4 7 bytes JMP 000007fa6dee0298
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f970aeb214 7 bytes JMP 000007fa6dee02d0
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f970aeb238 8 bytes JMP 000007fa6dee0228
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f970aeb87c 8 bytes JMP 000007fa6dee0308
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f96def28a0 7 bytes JMP 000007fa6dee00d8
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f96def28e8 5 bytes JMP 000007fa6dee0180
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f96df0f590 6 bytes JMP 000007fa6dee0148
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f96df0f8ac 5 bytes JMP 000007fa6dee0110
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f96eba10b0 8 bytes JMP 000007fa6dee01f0
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f96ebb11b0 8 bytes JMP 000007fa6dee01b8
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\System32\dxgi.dll!CreateDXGIFactory1 000007f96b9a6d10 5 bytes JMP 000007fa6b790110
.text C:\Windows\System32\dwm.exe[28276] C:\Windows\System32\dxgi.dll!CreateDXGIFactory 000007f96b9ad060 5 bytes JMP 000007fa6b7900d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[26176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f96a4f1532 4 bytes [4F, 6A, F9, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[26176] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f96a4f153a 4 bytes [4F, 6A, F9, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[26176] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f96a4f165a 4 bytes [4F, 6A, F9, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[12520] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f96a4f1532 4 bytes [4F, 6A, F9, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[12520] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f96a4f153a 4 bytes [4F, 6A, F9, 07]
.text C:\Program Files\Internet Explorer\iexplore.exe[12520] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f96a4f165a 4 bytes [4F, 6A, F9, 07]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[5264] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007f9706a177a 4 bytes [6A, 70, F9, 07]
.text C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[5264] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007f9706a1782 4 bytes [6A, 70, F9, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [14076:12908] fffff9600080e5e8
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.02.02
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Tobias :: LAPTOP [administrator]
02.05.2013 13:53:33
mbar-log-2013-05-02 (13-53-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 8794
Time elapsed: 7 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
02.05.2013, 12:58
| #9 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Hier die Anhänge |
|
02.05.2013, 13:20
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2013, 12:42
| #11 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Hier die Logs 1. aswMBr Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-03 13:34:52
-----------------------------
13:34:52.305 OS Version: Windows x64 6.2.9200
13:34:52.305 Number of processors: 8 586 0x3A09
13:34:52.305 ComputerName: LAPTOP UserName: Tobias
13:34:52.323 Initialze error 1
13:36:15.981 AVAST engine defs: 13050300
13:36:49.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003e
13:36:49.274 Disk 0 Vendor: A110 Size: 953867MB BusType: 8
13:36:49.275 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000003f
13:36:49.277 Disk 1 Vendor: D3Q1 Size: 8192MB BusType: 8
13:36:49.280 Disk 0 MBR read successfully
13:36:49.282 Disk 0 MBR scan
13:36:49.287 Disk 0 unknown MBR code
13:36:49.290 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
13:36:49.296 Disk 0 scanning C:\Windows\system32\drivers
13:36:49.298 Service scanning
13:36:49.943 Modules scanning
13:36:49.950 Disk 0 trace - called modules:
13:36:49.959 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys storport.sys hal.dll iaStorA.sys
13:36:49.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a0df060]
13:36:49.975 3 CLASSPNP.SYS[fffff88001001fea] -> nt!IofCallDriver -> [0xfffffa800a034890]
13:36:49.983 5 stdcfltn.sys[fffff88001c77d12] -> nt!IofCallDriver -> \Device\0000003e[0xfffffa8007f87060]
13:36:49.991 AVAST engine scan C:\Windows
13:36:49.996 AVAST engine scan C:\Windows\system32
13:36:50.000 AVAST engine scan C:\Windows\system32\drivers
13:36:50.003 AVAST engine scan C:\Users\Tobias
13:36:50.007 AVAST engine scan C:\ProgramData
13:36:50.010 Scan finished successfully
13:37:20.684 Disk 0 MBR has been saved successfully to "C:\Users\Tobias\Desktop\MBR.dat"
13:37:20.688 The log file has been saved successfully to "C:\Users\Tobias\Desktop\aswMBR.txt"
Code:
ATTFilter 13:39:10.0001 4796 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:39:10.0001 4796 UEFI system
13:39:10.0287 4796 ============================================================
13:39:10.0287 4796 Current date / time: 2013/05/03 13:39:10.0287
13:39:10.0287 4796 SystemInfo:
13:39:10.0288 4796
13:39:10.0288 4796 OS Version: 6.2.9200 ServicePack: 0.0
13:39:10.0288 4796 Product type: Workstation
13:39:10.0288 4796 ComputerName: LAPTOP
13:39:10.0288 4796 UserName: Tobias
13:39:10.0288 4796 Windows directory: C:\Windows
13:39:10.0288 4796 System windows directory: C:\Windows
13:39:10.0288 4796 Running under WOW64
13:39:10.0288 4796 Processor architecture: Intel x64
13:39:10.0288 4796 Number of processors: 8
13:39:10.0288 4796 Page size: 0x1000
13:39:10.0288 4796 Boot type: Normal boot
13:39:10.0288 4796 ============================================================
13:39:10.0874 4796 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B80E00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:39:10.0874 4796 Drive \Device\Harddisk1\DR1 - Size: 0x200000000 (8.00 Gb), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:39:10.0876 4796 ============================================================
13:39:10.0876 4796 \Device\Harddisk0\DR0:
13:39:10.0876 4796 GPT partitions:
13:39:10.0877 4796 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1273F582-F6D1-4B0E-9771-C4AB538D8FD9}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
13:39:10.0877 4796 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {4E50BBE2-AC3B-421D-B474-CE36CCCDB5EA}, Name: Basic data partition, StartLBA 0xFA800, BlocksNum 0x14000
13:39:10.0877 4796 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4F3C02FC-30C0-4412-843F-2048B33EEE43}, Name: Microsoft reserved partition, StartLBA 0x10E800, BlocksNum 0x40000
13:39:10.0877 4796 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C2C44C8D-1784-4396-8EB6-80F2B696A088}, Name: Basic data partition, StartLBA 0x14E800, BlocksNum 0xFA000
13:39:10.0877 4796 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A52E75C4-2D77-4C64-8694-C46671610B12}, Name: Basic data partition, StartLBA 0x248800, BlocksNum 0x72C03800
13:39:10.0877 4796 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C5A55C2A-F0ED-486E-8A23-9672D2D0FD46}, Name: Microsoft recovery partition, StartLBA 0x72E4C000, BlocksNum 0x18B9407
13:39:10.0877 4796 MBR partitions:
13:39:10.0877 4796 \Device\Harddisk1\DR1:
13:39:10.0877 4796 GPT partitions:
13:39:10.0877 4796 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {114DF97A-C951-4D36-96D0-A50B665DF83F}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFFF000
13:39:10.0877 4796 MBR partitions:
13:39:10.0877 4796 ============================================================
13:39:10.0879 4796 C: <-> \Device\Harddisk0\DR0\Partition5
13:39:10.0879 4796 ============================================================
13:39:10.0879 4796 Initialize success
13:39:10.0879 4796 ============================================================
13:39:19.0403 3628 ============================================================
13:39:19.0403 3628 Scan started
13:39:19.0403 3628 Mode: Manual; SigCheck; TDLFS;
13:39:19.0403 3628 ============================================================
13:39:20.0616 3628 ================ Scan system memory ========================
13:39:20.0616 3628 System memory - ok
13:39:20.0617 3628 ================ Scan services =============================
13:39:20.0698 3628 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
13:39:20.0776 3628 1394ohci - ok
13:39:20.0780 3628 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
13:39:20.0789 3628 3ware - ok
13:39:20.0796 3628 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:39:20.0810 3628 ACPI - ok
13:39:20.0814 3628 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
13:39:20.0822 3628 acpiex - ok
13:39:20.0825 3628 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
13:39:20.0833 3628 acpipagr - ok
13:39:20.0836 3628 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
13:39:20.0868 3628 AcpiPmi - ok
13:39:20.0871 3628 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
13:39:20.0893 3628 acpitime - ok
13:39:20.0897 3628 [ 007F173FDE42227D7CB998BD59F80F81 ] ActivHidSerMini C:\Windows\System32\drivers\activhidsermini.sys
13:39:20.0918 3628 ActivHidSerMini - ok
13:39:20.0924 3628 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:39:20.0930 3628 AdobeARMservice - ok
13:39:20.0966 3628 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:39:20.0974 3628 AdobeFlashPlayerUpdateSvc - ok
13:39:20.0981 3628 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:39:20.0996 3628 adp94xx - ok
13:39:21.0002 3628 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:39:21.0014 3628 adpahci - ok
13:39:21.0019 3628 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:39:21.0028 3628 adpu320 - ok
13:39:21.0034 3628 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:39:21.0204 3628 AeLookupSvc - ok
13:39:21.0212 3628 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
13:39:21.0224 3628 AERTFilters - ok
13:39:21.0239 3628 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
13:39:21.0275 3628 AFD - ok
13:39:21.0280 3628 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:39:21.0291 3628 agp440 - ok
13:39:21.0296 3628 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
13:39:21.0326 3628 ALG - ok
13:39:21.0332 3628 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
13:39:21.0353 3628 AllUserInstallAgent - ok
13:39:21.0358 3628 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
13:39:21.0389 3628 AmdK8 - ok
13:39:21.0393 3628 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
13:39:21.0401 3628 AmdPPM - ok
13:39:21.0405 3628 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:39:21.0412 3628 amdsata - ok
13:39:21.0417 3628 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
13:39:21.0428 3628 amdsbs - ok
13:39:21.0431 3628 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:39:21.0438 3628 amdxata - ok
13:39:21.0451 3628 [ 76544F01FA0D79CE6F525B6EB475BEF9 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
13:39:21.0459 3628 AntiVirMailService - ok
13:39:21.0462 3628 [ 90C69DF5FB36F8B74109583652575BD3 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:39:21.0467 3628 AntiVirSchedulerService - ok
13:39:21.0471 3628 [ B6F85597831F63C27FD278F4E05C3020 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:39:21.0476 3628 AntiVirService - ok
13:39:21.0484 3628 [ 932B178CF3840CFC8B0051523F657A8A ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:39:21.0494 3628 AntiVirWebService - ok
13:39:21.0497 3628 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
13:39:21.0522 3628 AppID - ok
13:39:21.0525 3628 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:39:21.0536 3628 AppIDSvc - ok
13:39:21.0539 3628 [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo C:\Windows\System32\appinfo.dll
13:39:21.0551 3628 Appinfo - ok
13:39:21.0557 3628 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:39:21.0563 3628 Apple Mobile Device - ok
13:39:21.0567 3628 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
13:39:21.0575 3628 arc - ok
13:39:21.0578 3628 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:39:21.0587 3628 arcsas - ok
13:39:21.0590 3628 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:39:21.0604 3628 AsyncMac - ok
13:39:21.0607 3628 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
13:39:21.0614 3628 atapi - ok
13:39:21.0618 3628 [ 2FDA876CBC0D120630CD7CA9A4206B61 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
13:39:21.0630 3628 AthBTPort - ok
13:39:21.0634 3628 [ AE8EE29474663398737DBC146D53D440 ] AthDfu C:\Windows\System32\Drivers\AthDfu.sys
13:39:21.0638 3628 AthDfu - ok
13:39:21.0646 3628 [ 3E1F33B358B88E8EBEC1091580C9FD42 ] AtherosSvc C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
13:39:21.0651 3628 AtherosSvc - ok
13:39:21.0687 3628 [ CBBD8F724C6C0B3D05477BB5C982D4B8 ] athr C:\Windows\system32\DRIVERS\athw8x.sys
13:39:21.0731 3628 athr - ok
13:39:21.0737 3628 [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
13:39:21.0753 3628 AudioEndpointBuilder - ok
13:39:21.0763 3628 [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:39:21.0780 3628 Audiosrv - ok
13:39:21.0784 3628 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:39:21.0790 3628 avgntflt - ok
13:39:21.0794 3628 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:39:21.0800 3628 avipbb - ok
13:39:21.0803 3628 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:39:21.0808 3628 avkmgr - ok
13:39:21.0812 3628 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:39:21.0841 3628 AxInstSV - ok
13:39:21.0850 3628 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
13:39:21.0865 3628 b06bdrv - ok
13:39:21.0868 3628 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
13:39:21.0889 3628 BasicDisplay - ok
13:39:21.0893 3628 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
13:39:21.0905 3628 BasicRender - ok
13:39:21.0911 3628 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll
13:39:21.0934 3628 BDESVC - ok
13:39:21.0936 3628 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
13:39:21.0953 3628 Beep - ok
13:39:21.0963 3628 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll
13:39:21.0987 3628 BFE - ok
13:39:21.0998 3628 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
13:39:22.0036 3628 BITS - ok
13:39:22.0043 3628 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:39:22.0053 3628 Bonjour Service - ok
13:39:22.0056 3628 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:39:22.0065 3628 bowser - ok
13:39:22.0070 3628 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
13:39:22.0087 3628 BrokerInfrastructure - ok
13:39:22.0091 3628 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll
13:39:22.0102 3628 Browser - ok
13:39:22.0109 3628 [ 942F3F6286056D6BBB5B02ED2B7088BD ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
13:39:22.0117 3628 BTATH_A2DP - ok
13:39:22.0121 3628 [ 43C965027229D9FF6E52E4C71C03B09E ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
13:39:22.0126 3628 btath_avdt - ok
13:39:22.0130 3628 [ 23CEDCD7527A26B222732A158F76EB24 ] BTATH_BUS C:\Windows\System32\drivers\btath_bus.sys
13:39:22.0134 3628 BTATH_BUS - ok
13:39:22.0139 3628 [ 3DD64966A764BCAFF07C9DC064BD410E ] BTATH_HCRP C:\Windows\System32\drivers\btath_hcrp.sys
13:39:22.0145 3628 BTATH_HCRP - ok
13:39:22.0149 3628 [ B68EE0721EAC305AB1C9C989CDF1AEFF ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
13:39:22.0154 3628 BTATH_LWFLT - ok
13:39:22.0158 3628 [ EC7BB341229E9E6B04349580F55218B2 ] BTATH_RCP C:\Windows\System32\drivers\btath_rcp.sys
13:39:22.0164 3628 BTATH_RCP - ok
13:39:22.0174 3628 [ 438A103725FBBD02842694FFE2AF67C7 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
13:39:22.0186 3628 BtFilter - ok
13:39:22.0190 3628 [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
13:39:22.0198 3628 BthAvrcpTg - ok
13:39:22.0201 3628 [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
13:39:22.0220 3628 BthEnum - ok
13:39:22.0224 3628 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
13:39:22.0263 3628 BthHFEnum - ok
13:39:22.0266 3628 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
13:39:22.0277 3628 bthhfhid - ok
13:39:22.0282 3628 [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum C:\Windows\system32\DRIVERS\BthLEEnum.sys
13:39:22.0298 3628 BthLEEnum - ok
13:39:22.0302 3628 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
13:39:22.0317 3628 BTHMODEM - ok
13:39:22.0321 3628 [ 091BB978E9504D0AD14586929431A957 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:39:22.0330 3628 BthPan - ok
13:39:22.0344 3628 [ 13795CAA34239D97A7211E7F9D96E012 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
13:39:22.0364 3628 BTHPORT - ok
13:39:22.0368 3628 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll
13:39:22.0387 3628 bthserv - ok
13:39:22.0391 3628 [ 1F715957F5236D30B6020A19A4271F6A ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
13:39:22.0399 3628 BTHUSB - ok
13:39:22.0403 3628 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:39:22.0422 3628 cdfs - ok
13:39:22.0427 3628 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys
13:39:22.0436 3628 cdrom - ok
13:39:22.0460 3628 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll
13:39:22.0475 3628 CertPropSvc - ok
13:39:22.0480 3628 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys
13:39:22.0497 3628 circlass - ok
13:39:22.0507 3628 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys
13:39:22.0520 3628 CLFS - ok
13:39:22.0528 3628 [ 075CCE75090786F124573A788C8656E6 ] CLVirtualDrive C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
13:39:22.0534 3628 CLVirtualDrive - ok
13:39:22.0537 3628 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
13:39:22.0608 3628 CmBatt - ok
13:39:22.0616 3628 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\Windows\system32\Drivers\cng.sys
13:39:22.0633 3628 CNG - ok
13:39:22.0637 3628 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
13:39:22.0669 3628 CompositeBus - ok
13:39:22.0672 3628 COMSysApp - ok
13:39:22.0675 3628 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\Windows\system32\drivers\condrv.sys
13:39:22.0702 3628 condrv - ok
13:39:22.0737 3628 [ AB4EA7DE088D27879BA2F88C51B93E33 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
13:39:22.0745 3628 cphs - ok
13:39:22.0750 3628 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:39:22.0758 3628 CryptSvc - ok
13:39:22.0762 3628 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\Windows\system32\drivers\dam.sys
13:39:22.0769 3628 dam - ok
13:39:22.0781 3628 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll
13:39:22.0816 3628 DcomLaunch - ok
13:39:22.0823 3628 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:39:22.0844 3628 defragsvc - ok
13:39:22.0849 3628 [ 37F54F1D659D25CF02CE9979920231AF ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
13:39:22.0856 3628 DellDigitalDelivery - ok
13:39:22.0859 3628 [ DC253191A553DACA7684CFB5B03A4268 ] DellRbtn C:\Windows\System32\drivers\DellRbtn.sys
13:39:22.0881 3628 DellRbtn - ok
13:39:22.0887 3628 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
13:39:22.0907 3628 DeviceAssociationService - ok
13:39:22.0911 3628 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
13:39:22.0921 3628 DeviceInstall - ok
13:39:22.0925 3628 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
13:39:22.0933 3628 Dfsc - ok
13:39:22.0940 3628 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:39:22.0973 3628 Dhcp - ok
13:39:22.0977 3628 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys
13:39:22.0989 3628 discache - ok
13:39:22.0993 3628 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys
13:39:23.0001 3628 disk - ok
13:39:23.0004 3628 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
13:39:23.0013 3628 dmvsc - ok
13:39:23.0018 3628 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:39:23.0069 3628 Dnscache - ok
13:39:23.0079 3628 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll
13:39:23.0113 3628 dot3svc - ok
13:39:23.0123 3628 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll
13:39:23.0148 3628 DPS - ok
13:39:23.0151 3628 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:39:23.0160 3628 drmkaud - ok
13:39:23.0165 3628 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
13:39:23.0199 3628 DsmSvc - ok
13:39:23.0218 3628 [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:39:23.0249 3628 DXGKrnl - ok
13:39:23.0253 3628 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll
13:39:23.0264 3628 Eaphost - ok
13:39:23.0297 3628 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys
13:39:23.0356 3628 ebdrv - ok
13:39:23.0360 3628 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe
13:39:23.0385 3628 EFS - ok
13:39:23.0388 3628 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
13:39:23.0396 3628 EhStorClass - ok
13:39:23.0400 3628 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
13:39:23.0408 3628 EhStorTcgDrv - ok
13:39:23.0411 3628 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys
13:39:23.0428 3628 ErrDev - ok
13:39:23.0438 3628 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll
13:39:23.0452 3628 EventSystem - ok
13:39:23.0457 3628 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys
13:39:23.0483 3628 exfat - ok
13:39:23.0488 3628 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:39:23.0499 3628 fastfat - ok
13:39:23.0508 3628 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe
13:39:23.0535 3628 Fax - ok
13:39:23.0538 3628 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys
13:39:23.0548 3628 fdc - ok
13:39:23.0551 3628 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll
13:39:23.0564 3628 fdPHost - ok
13:39:23.0567 3628 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll
13:39:23.0580 3628 FDResPub - ok
13:39:23.0584 3628 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll
13:39:23.0602 3628 fhsvc - ok
13:39:23.0606 3628 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:39:23.0614 3628 FileInfo - ok
13:39:23.0617 3628 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:39:23.0629 3628 Filetrace - ok
13:39:23.0631 3628 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
13:39:23.0646 3628 flpydisk - ok
13:39:23.0652 3628 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:39:23.0665 3628 FltMgr - ok
13:39:23.0681 3628 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll
13:39:23.0708 3628 FontCache - ok
13:39:23.0712 3628 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:39:23.0720 3628 FontCache3.0.0.0 - ok
13:39:23.0723 3628 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:39:23.0731 3628 FsDepends - ok
13:39:23.0734 3628 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:39:23.0741 3628 Fs_Rec - ok
13:39:23.0748 3628 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:39:23.0763 3628 fvevol - ok
13:39:23.0766 3628 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
13:39:23.0774 3628 FxPPM - ok
13:39:23.0777 3628 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:39:23.0785 3628 gagp30kx - ok
13:39:23.0790 3628 [ 25619A6281DDCC6C60C6959E62112F98 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
13:39:23.0796 3628 Garmin Core Update Service - ok
13:39:23.0800 3628 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:39:23.0804 3628 GEARAspiWDM - ok
13:39:23.0807 3628 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
13:39:23.0827 3628 gencounter - ok
13:39:23.0831 3628 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
13:39:23.0839 3628 GPIOClx0101 - ok
13:39:23.0868 3628 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll
13:39:23.0892 3628 gpsvc - ok
13:39:23.0896 3628 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
13:39:23.0915 3628 HDAudBus - ok
13:39:23.0919 3628 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
13:39:23.0929 3628 HidBatt - ok
13:39:23.0932 3628 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth C:\Windows\System32\drivers\hidbth.sys
13:39:23.0948 3628 HidBth - ok
13:39:23.0952 3628 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
13:39:23.0977 3628 hidi2c - ok
13:39:23.0981 3628 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys
13:39:24.0002 3628 HidIr - ok
13:39:24.0056 3628 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll
13:39:24.0075 3628 hidserv - ok
13:39:24.0079 3628 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
13:39:24.0088 3628 HidUsb - ok
13:39:24.0092 3628 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:39:24.0103 3628 hkmsvc - ok
13:39:24.0109 3628 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:39:24.0150 3628 HomeGroupListener - ok
13:39:24.0157 3628 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:39:24.0178 3628 HomeGroupProvider - ok
13:39:24.0181 3628 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:39:24.0189 3628 HpSAMD - ok
13:39:24.0192 3628 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\System32\Drivers\ANDROIDUSB.sys
13:39:24.0202 3628 HTCAND64 - ok
13:39:24.0208 3628 [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
13:39:24.0213 3628 HTCMonitorService - ok
13:39:24.0216 3628 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
13:39:24.0221 3628 htcnprot - ok
13:39:24.0231 3628 [ 29CB98187BB5711F7759540976D295FC ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:39:24.0265 3628 HTTP - ok
13:39:24.0269 3628 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:39:24.0276 3628 hwpolicy - ok
13:39:24.0279 3628 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
13:39:24.0298 3628 hyperkbd - ok
13:39:24.0302 3628 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
13:39:24.0315 3628 HyperVideo - ok
13:39:24.0318 3628 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
13:39:24.0335 3628 i8042prt - ok
13:39:24.0345 3628 [ 459016E8A4FA6426EDB5A9456A6E5E58 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
13:39:24.0357 3628 iaStorA - ok
13:39:24.0361 3628 [ 584068E03829BC5C63F54B05E6244E97 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:39:24.0364 3628 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - warning
13:39:24.0364 3628 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic (1)
13:39:24.0372 3628 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:39:24.0386 3628 iaStorV - ok
13:39:24.0412 3628 [ 15C9BF6968A0990D8F4161A6ABEB7229 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
13:39:24.0444 3628 IconMan_R - ok
13:39:24.0534 3628 [ 87B67C33144BE5A68D20D9BE4D528E43 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:39:24.0645 3628 igfx - ok
13:39:24.0649 3628 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:39:24.0656 3628 iirsp - ok
13:39:24.0661 3628 [ CE1EE31FFF730CA975A5535D8A71AF61 ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
13:39:24.0666 3628 IJPLMSVC - ok
13:39:24.0680 3628 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll
13:39:24.0699 3628 IKEEXT - ok
13:39:24.0746 3628 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:39:24.0804 3628 IntcAzAudAddService - ok
13:39:24.0811 3628 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:39:24.0827 3628 IntcDAud - ok
13:39:24.0838 3628 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
13:39:24.0850 3628 Intel(R) Capability Licensing Service Interface - ok
13:39:24.0853 3628 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys
13:39:24.0860 3628 intelide - ok
13:39:24.0864 3628 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys
13:39:24.0873 3628 intelppm - ok
13:39:24.0877 3628 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:39:24.0892 3628 IpFilterDriver - ok
13:39:24.0905 3628 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:39:24.0933 3628 iphlpsvc - ok
13:39:24.0937 3628 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
13:39:24.0961 3628 IPMIDRV - ok
13:39:24.0965 3628 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:39:24.0983 3628 IPNAT - ok
13:39:24.0992 3628 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:39:25.0003 3628 iPod Service - ok
13:39:25.0006 3628 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:39:25.0023 3628 IRENUM - ok
13:39:25.0027 3628 [ 4D9B9A794F22415B8C3E0CCFBE61BC7A ] irstrtdv C:\Windows\System32\drivers\irstrtdv.sys
13:39:25.0032 3628 irstrtdv - ok
13:39:25.0066 3628 [ E145E934392E7A49FDC6775AC3A347F8 ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe
13:39:25.0073 3628 irstrtsv - ok
13:39:25.0076 3628 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:39:25.0083 3628 isapnp - ok
13:39:25.0089 3628 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
13:39:25.0099 3628 iScsiPrt - ok
13:39:25.0105 3628 [ 3C4002D339491AF73D663FFC7F6E5ECB ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
13:39:25.0111 3628 jhi_service - ok
13:39:25.0114 3628 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
13:39:25.0121 3628 kbdclass - ok
13:39:25.0124 3628 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
13:39:25.0140 3628 kbdhid - ok
13:39:25.0143 3628 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
13:39:25.0158 3628 kdnic - ok
13:39:25.0161 3628 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe
13:39:25.0169 3628 KeyIso - ok
13:39:25.0173 3628 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:39:25.0181 3628 KSecDD - ok
13:39:25.0185 3628 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:39:25.0194 3628 KSecPkg - ok
13:39:25.0197 3628 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:39:25.0207 3628 ksthunk - ok
13:39:25.0214 3628 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:39:25.0232 3628 KtmRm - ok
13:39:25.0239 3628 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\system32\srvsvc.dll
13:39:25.0250 3628 LanmanServer - ok
13:39:25.0255 3628 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:39:25.0273 3628 LanmanWorkstation - ok
13:39:25.0277 3628 [ 0946D41212A96FE2DD7EC5C7C21676D2 ] lehidmini C:\Windows\System32\drivers\leath_hid.sys
13:39:25.0282 3628 lehidmini - ok
13:39:25.0285 3628 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:39:25.0294 3628 lltdio - ok
13:39:25.0300 3628 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:39:25.0313 3628 lltdsvc - ok
13:39:25.0316 3628 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:39:25.0324 3628 lmhosts - ok
13:39:25.0330 3628 [ 4269D44BB47A6DA5D80B11F4C8536458 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:39:25.0336 3628 LMS - ok
13:39:25.0341 3628 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:39:25.0349 3628 LSI_SAS - ok
13:39:25.0353 3628 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:39:25.0361 3628 LSI_SAS2 - ok
13:39:25.0365 3628 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:39:25.0373 3628 LSI_SCSI - ok
13:39:25.0376 3628 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
13:39:25.0384 3628 LSI_SSS - ok
13:39:25.0391 3628 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll
13:39:25.0406 3628 LSM - ok
13:39:25.0410 3628 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
13:39:25.0422 3628 luafv - ok
13:39:25.0425 3628 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:39:25.0431 3628 MBAMProtector - ok
13:39:25.0438 3628 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:39:25.0447 3628 MBAMScheduler - ok
13:39:25.0456 3628 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:39:25.0468 3628 MBAMService - ok
13:39:25.0471 3628 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
13:39:25.0478 3628 megasas - ok
13:39:25.0484 3628 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:39:25.0497 3628 MegaSR - ok
13:39:25.0500 3628 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys
13:39:25.0505 3628 MEIx64 - ok
13:39:25.0508 3628 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
13:39:25.0522 3628 MMCSS - ok
13:39:25.0525 3628 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
13:39:25.0535 3628 Modem - ok
13:39:25.0538 3628 [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\Windows\System32\drivers\monitor.sys
13:39:25.0553 3628 monitor - ok
13:39:25.0556 3628 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
13:39:25.0564 3628 mouclass - ok
13:39:25.0567 3628 [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\Windows\System32\drivers\mouhid.sys
13:39:25.0581 3628 mouhid - ok
13:39:25.0585 3628 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:39:25.0593 3628 mountmgr - ok
13:39:25.0597 3628 [ 1C9B83F6A2D1F414F0ACD28D75605607 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:39:25.0603 3628 MozillaMaintenance - ok
13:39:25.0607 3628 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:39:25.0628 3628 mpsdrv - ok
13:39:25.0639 3628 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:39:25.0667 3628 MpsSvc - ok
13:39:25.0671 3628 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:39:25.0682 3628 MRxDAV - ok
13:39:25.0688 3628 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:39:25.0711 3628 mrxsmb - ok
13:39:25.0717 3628 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:39:25.0726 3628 mrxsmb10 - ok
13:39:25.0731 3628 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:39:25.0740 3628 mrxsmb20 - ok
13:39:25.0744 3628 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
13:39:25.0765 3628 MsBridge - ok
13:39:25.0769 3628 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
13:39:25.0778 3628 MSDTC - ok
13:39:25.0783 3628 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:39:25.0790 3628 Msfs - ok
13:39:25.0793 3628 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
13:39:25.0801 3628 msgpiowin32 - ok
13:39:25.0803 3628 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:39:25.0810 3628 mshidkmdf - ok
13:39:25.0813 3628 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
13:39:25.0820 3628 mshidumdf - ok
13:39:25.0823 3628 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:39:25.0830 3628 msisadrv - ok
13:39:25.0834 3628 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:39:25.0851 3628 MSiSCSI - ok
13:39:25.0853 3628 msiserver - ok
13:39:25.0856 3628 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:39:25.0863 3628 MSKSSRV - ok
13:39:25.0867 3628 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
13:39:25.0875 3628 MsLldp - ok
13:39:25.0878 3628 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:39:25.0892 3628 MSPCLOCK - ok
13:39:25.0895 3628 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:39:25.0903 3628 MSPQM - ok
13:39:25.0910 3628 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:39:25.0923 3628 MsRPC - ok
13:39:25.0927 3628 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
13:39:25.0934 3628 mssmbios - ok
13:39:25.0937 3628 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:39:25.0949 3628 MSTEE - ok
13:39:25.0952 3628 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
13:39:25.0959 3628 MTConfig - ok
13:39:25.0962 3628 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
13:39:25.0970 3628 Mup - ok
13:39:25.0973 3628 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
13:39:25.0981 3628 mvumis - ok
13:39:25.0988 3628 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
13:39:26.0002 3628 napagent - ok
13:39:26.0009 3628 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:39:26.0021 3628 NativeWifiP - ok
13:39:26.0026 3628 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
13:39:26.0036 3628 NcaSvc - ok
13:39:26.0040 3628 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
13:39:26.0050 3628 NcdAutoSetup - ok
13:39:26.0062 3628 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys
13:39:26.0085 3628 NDIS - ok
13:39:26.0089 3628 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:39:26.0099 3628 NdisCap - ok
13:39:26.0103 3628 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
13:39:26.0124 3628 NdisImPlatform - ok
13:39:26.0127 3628 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:39:26.0135 3628 NdisTapi - ok
13:39:26.0138 3628 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:39:26.0151 3628 Ndisuio - ok
13:39:26.0155 3628 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:39:26.0174 3628 NdisWan - ok
13:39:26.0178 3628 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
13:39:26.0188 3628 NDISWANLEGACY - ok
13:39:26.0191 3628 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:39:26.0199 3628 NDProxy - ok
13:39:26.0203 3628 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
13:39:26.0211 3628 Ndu - ok
13:39:26.0214 3628 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:39:26.0223 3628 NetBIOS - ok
13:39:26.0229 3628 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:39:26.0241 3628 NetBT - ok
13:39:26.0244 3628 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
13:39:26.0252 3628 Netlogon - ok
13:39:26.0257 3628 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
13:39:26.0281 3628 Netman - ok
13:39:26.0289 3628 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\Windows\System32\netprofmsvc.dll
13:39:26.0316 3628 netprofm - ok
13:39:26.0325 3628 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:39:26.0333 3628 NetTcpPortSharing - ok
13:39:26.0337 3628 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:39:26.0344 3628 nfrd960 - ok
13:39:26.0351 3628 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:39:26.0370 3628 NlaSvc - ok
13:39:26.0373 3628 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:39:26.0381 3628 Npfs - ok
13:39:26.0384 3628 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
13:39:26.0396 3628 npsvctrig - ok
13:39:26.0399 3628 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
13:39:26.0409 3628 nsi - ok
13:39:26.0411 3628 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:39:26.0419 3628 nsiproxy - ok
13:39:26.0444 3628 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:39:26.0483 3628 Ntfs - ok
13:39:26.0489 3628 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
13:39:26.0500 3628 Null - ok
13:39:26.0511 3628 [ 65E6BB06A644533118BE007E9601B2C2 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
13:39:26.0521 3628 nvkflt - ok
13:39:26.0713 3628 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:39:26.0888 3628 nvlddmkm - ok
13:39:26.0894 3628 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
13:39:26.0899 3628 nvpciflt - ok
13:39:26.0903 3628 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:39:26.0912 3628 nvraid - ok
13:39:26.0917 3628 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:39:26.0926 3628 nvstor - ok
13:39:26.0937 3628 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
13:39:26.0951 3628 nvsvc - ok
13:39:26.0967 3628 [ 249357999355A998AA94A3673C3367EB ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:39:26.0985 3628 nvUpdatusService - ok
13:39:26.0989 3628 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:39:26.0997 3628 nv_agp - ok
13:39:27.0002 3628 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:39:27.0009 3628 ose - ok
13:39:27.0071 3628 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:39:27.0155 3628 osppsvc - ok
13:39:27.0163 3628 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:39:27.0187 3628 p2pimsvc - ok
13:39:27.0195 3628 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
13:39:27.0212 3628 p2psvc - ok
13:39:27.0216 3628 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
13:39:27.0224 3628 Parport - ok
13:39:27.0228 3628 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:39:27.0236 3628 partmgr - ok
13:39:27.0241 3628 [ 3CAE2BBC86FCF7F94C9696994AF30386 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
13:39:27.0245 3628 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
13:39:27.0245 3628 PassThru Service - detected UnsignedFile.Multi.Generic (1)
13:39:27.0252 3628 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:39:27.0270 3628 PcaSvc - ok
13:39:27.0275 3628 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
13:39:27.0285 3628 pci - ok
13:39:27.0288 3628 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
13:39:27.0295 3628 pciide - ok
13:39:27.0300 3628 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:39:27.0311 3628 pcmcia - ok
13:39:27.0314 3628 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
13:39:27.0321 3628 pcw - ok
13:39:27.0325 3628 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\Windows\system32\drivers\pdc.sys
13:39:27.0332 3628 pdc - ok
13:39:27.0343 3628 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:39:27.0360 3628 PEAUTH - ok
13:39:27.0393 3628 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:39:27.0415 3628 PerfHost - ok
13:39:27.0436 3628 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
13:39:27.0467 3628 pla - ok
13:39:27.0472 3628 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:39:27.0481 3628 PlugPlay - ok
13:39:27.0484 3628 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:39:27.0496 3628 PNRPAutoReg - ok
13:39:27.0502 3628 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:39:27.0512 3628 PNRPsvc - ok
13:39:27.0519 3628 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:39:27.0533 3628 PolicyAgent - ok
13:39:27.0538 3628 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
13:39:27.0554 3628 Power - ok
13:39:27.0558 3628 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:39:27.0581 3628 PptpMiniport - ok
13:39:27.0639 3628 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
13:39:27.0738 3628 PrintNotify - ok
13:39:27.0745 3628 [ 99BBF2E4145E6308B39B2C13DD6291B9 ] prmvmouse C:\Windows\System32\drivers\activmouse.sys
13:39:27.0786 3628 prmvmouse - ok
13:39:27.0793 3628 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
13:39:27.0810 3628 Processor - ok
13:39:27.0819 3628 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
13:39:27.0847 3628 ProfSvc - ok
13:39:27.0851 3628 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:39:27.0869 3628 Psched - ok
13:39:27.0873 3628 [ A7B66B0788FB9CA54CE34EAF525DA004 ] qca_shb C:\Windows\System32\drivers\qca_shb.sys
13:39:27.0879 3628 qca_shb ( UnsignedFile.Multi.Generic ) - warning
13:39:27.0879 3628 qca_shb - detected UnsignedFile.Multi.Generic (1)
13:39:27.0884 3628 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
13:39:27.0907 3628 QWAVE - ok
13:39:27.0910 3628 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:39:27.0919 3628 QWAVEdrv - ok
13:39:27.0922 3628 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:39:27.0934 3628 RasAcd - ok
13:39:27.0938 3628 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:39:27.0955 3628 RasAgileVpn - ok
13:39:27.0958 3628 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
13:39:27.0977 3628 RasAuto - ok
13:39:27.0982 3628 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:39:28.0000 3628 Rasl2tp - ok
13:39:28.0007 3628 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
13:39:28.0022 3628 RasMan - ok
13:39:28.0025 3628 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:39:28.0036 3628 RasPppoe - ok
13:39:28.0039 3628 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:39:28.0049 3628 RasSstp - ok
13:39:28.0056 3628 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:39:28.0067 3628 rdbss - ok
13:39:28.0072 3628 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
13:39:28.0079 3628 rdpbus - ok
13:39:28.0084 3628 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:39:28.0108 3628 RDPDR - ok
13:39:28.0114 3628 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:39:28.0121 3628 RdpVideoMiniport - ok
13:39:28.0125 3628 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:39:28.0134 3628 RDPWD - ok
13:39:28.0139 3628 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:39:28.0149 3628 rdyboost - ok
13:39:28.0153 3628 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:39:28.0177 3628 RemoteAccess - ok
13:39:28.0181 3628 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:39:28.0195 3628 RemoteRegistry - ok
13:39:28.0202 3628 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys
13:39:28.0210 3628 RFCOMM - ok
13:39:28.0244 3628 [ 41DDCF1ADD1FB7DE23DCF671740DDBE6 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
13:39:28.0260 3628 RichVideo - ok
13:39:28.0267 3628 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:39:28.0280 3628 RpcEptMapper - ok
13:39:28.0283 3628 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
13:39:28.0292 3628 RpcLocator - ok
13:39:28.0303 3628 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
13:39:28.0317 3628 RpcSs - ok
13:39:28.0323 3628 [ FD2F7ABB0B3C777CDC9D342CADBF0131 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
13:39:28.0332 3628 RSPCIESTOR - ok
13:39:28.0335 3628 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:39:28.0352 3628 rspndr - ok
13:39:28.0357 3628 [ 2B5A48DF6997F7BD92535C4F76236810 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
13:39:28.0363 3628 RtkAudioService - ok
13:39:28.0373 3628 [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
13:39:28.0386 3628 RTL8168 - ok
13:39:28.0389 3628 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
13:39:28.0396 3628 s3cap - ok
13:39:28.0399 3628 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
13:39:28.0407 3628 SamSs - ok
13:39:28.0410 3628 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:39:28.0419 3628 sbp2port - ok
13:39:28.0423 3628 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:39:28.0436 3628 SCardSvr - ok
13:39:28.0439 3628 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:39:28.0449 3628 scfilter - ok
13:39:28.0464 3628 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll
13:39:28.0487 3628 Schedule - ok
13:39:28.0491 3628 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:39:28.0501 3628 SCPolicySvc - ok
13:39:28.0506 3628 [ 047315E75392CEA447ACC86257824C16 ] sdbus C:\Windows\System32\drivers\sdbus.sys
13:39:28.0516 3628 sdbus - ok
13:39:28.0521 3628 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:39:28.0565 3628 SDRSVC - ok
13:39:28.0568 3628 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
13:39:28.0575 3628 sdstor - ok
13:39:28.0579 3628 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:39:28.0587 3628 secdrv - ok
13:39:28.0590 3628 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
13:39:28.0614 3628 seclogon - ok
13:39:28.0618 3628 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
13:39:28.0639 3628 SENS - ok
13:39:28.0643 3628 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:39:28.0680 3628 SensrSvc - ok
13:39:28.0683 3628 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
13:39:28.0691 3628 SerCx - ok
13:39:28.0694 3628 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
13:39:28.0716 3628 Serenum - ok
13:39:28.0720 3628 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
13:39:28.0728 3628 Serial - ok
13:39:28.0731 3628 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
13:39:28.0743 3628 sermouse - ok
13:39:28.0752 3628 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
13:39:28.0775 3628 SessionEnv - ok
13:39:28.0778 3628 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
13:39:28.0795 3628 sfloppy - ok
13:39:28.0841 3628 [ 820368BFF0E36FF72A7DE2C20833FFEE ] SftService C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
13:39:28.0882 3628 SftService - ok
13:39:28.0893 3628 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:39:28.0921 3628 SharedAccess - ok
13:39:28.0928 3628 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:39:28.0963 3628 ShellHWDetection - ok
13:39:28.0966 3628 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:39:28.0973 3628 SiSRaid2 - ok
13:39:28.0977 3628 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:39:28.0985 3628 SiSRaid4 - ok
13:39:28.0988 3628 [ 070E4053E3426BAD7B21937F3F0275EB ] SmbDrv C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
13:39:28.0993 3628 SmbDrv - ok
13:39:28.0996 3628 [ E5D300C2193B0131E26B94FD4C68E160 ] SmbDrvI C:\Windows\System32\drivers\Smb_driver_Intel.sys
13:39:29.0002 3628 SmbDrvI - ok
13:39:29.0007 3628 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:39:29.0019 3628 SNMPTRAP - ok
13:39:29.0024 3628 [ 739A739DCC5D02FE30EDEADEBD7B9898 ] spaceport C:\Windows\system32\drivers\spaceport.sys
13:39:29.0035 3628 spaceport - ok
13:39:29.0039 3628 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
13:39:29.0079 3628 SpbCx - ok
13:39:29.0090 3628 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
13:39:29.0123 3628 Spooler - ok
13:39:29.0206 3628 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
13:39:29.0272 3628 sppsvc - ok
13:39:29.0280 3628 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:39:29.0298 3628 srv - ok
13:39:29.0307 3628 [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:39:29.0321 3628 srv2 - ok
13:39:29.0326 3628 [ FD8B4F201B681C555A4AF41922C52557 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:39:29.0336 3628 srvnet - ok
13:39:29.0342 3628 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:39:29.0357 3628 SSDPSRV - ok
13:39:29.0361 3628 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:39:29.0379 3628 SstpSvc - ok
13:39:29.0382 3628 [ F03B03AA7A18DEB0538D242F1DA01481 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
13:39:29.0386 3628 stdcfltn - ok
13:39:29.0394 3628 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
13:39:29.0402 3628 Stereo Service - ok
13:39:29.0406 3628 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:39:29.0413 3628 stexstor - ok
13:39:29.0422 3628 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
13:39:29.0456 3628 stisvc - ok
13:39:29.0460 3628 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\Windows\system32\drivers\storahci.sys
13:39:29.0468 3628 storahci - ok
13:39:29.0471 3628 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
13:39:29.0478 3628 storflt - ok
13:39:29.0481 3628 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll
13:39:29.0509 3628 StorSvc - ok
13:39:29.0512 3628 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:39:29.0519 3628 storvsc - ok
13:39:29.0523 3628 [ 0248DE650E192EA7E383EC3BE828AF51 ] ST_Accel C:\Windows\System32\drivers\ST_Accel.sys
13:39:29.0528 3628 ST_Accel - ok
13:39:29.0531 3628 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll
13:39:29.0551 3628 svsvc - ok
13:39:29.0554 3628 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys
13:39:29.0561 3628 swenum - ok
13:39:29.0569 3628 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll
13:39:29.0660 3628 swprv - ok
13:39:29.0676 3628 [ 3675657B3A4A2868A2C2B2A160E4A3C9 ] SynTP C:\Windows\System32\drivers\SynTP.sys
13:39:29.0698 3628 SynTP - ok
13:39:29.0721 3628 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll
13:39:29.0765 3628 SysMain - ok
13:39:29.0771 3628 [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
13:39:29.0784 3628 SystemEventsBroker - ok
13:39:29.0789 3628 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
13:39:29.0808 3628 TabletInputService - ok
13:39:29.0815 3628 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll
13:39:29.0845 3628 TapiSrv - ok
13:39:29.0872 3628 [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:39:29.0918 3628 Tcpip - ok
13:39:29.0942 3628 [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:39:29.0977 3628 TCPIP6 - ok
13:39:29.0982 3628 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:39:30.0009 3628 tcpipreg - ok
13:39:30.0014 3628 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:39:30.0022 3628 tdx - ok
13:39:30.0025 3628 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys
13:39:30.0033 3628 terminpt - ok
13:39:30.0042 3628 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll
13:39:30.0071 3628 TermService - ok
13:39:30.0074 3628 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll
13:39:30.0095 3628 Themes - ok
13:39:30.0099 3628 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll
13:39:30.0107 3628 THREADORDER - ok
13:39:30.0112 3628 [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
13:39:30.0121 3628 TimeBroker - ok
13:39:30.0126 3628 [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\Windows\system32\drivers\tpm.sys
13:39:30.0134 3628 TPM - ok
13:39:30.0138 3628 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll
13:39:30.0148 3628 TrkWks - ok
13:39:30.0151 3628 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:39:30.0171 3628 TrustedInstaller - ok
13:39:30.0175 3628 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:39:30.0198 3628 TsUsbFlt - ok
13:39:30.0201 3628 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
13:39:30.0215 3628 TsUsbGD - ok
13:39:30.0218 3628 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:39:30.0230 3628 tunnel - ok
13:39:30.0233 3628 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:39:30.0241 3628 uagp35 - ok
13:39:30.0244 3628 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
13:39:30.0252 3628 UASPStor - ok
13:39:30.0257 3628 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
13:39:30.0267 3628 UCX01000 - ok
13:39:30.0273 3628 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:39:30.0287 3628 udfs - ok
13:39:30.0293 3628 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:39:30.0304 3628 UI0Detect - ok
13:39:30.0308 3628 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:39:30.0315 3628 uliagpkx - ok
13:39:30.0318 3628 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys
13:39:30.0337 3628 umbus - ok
13:39:30.0340 3628 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys
13:39:30.0355 3628 UmPass - ok
13:39:30.0361 3628 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll
13:39:30.0380 3628 UmRdpService - ok
13:39:30.0387 3628 [ DBE2E6388379D5CC78099650541E9566 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:39:30.0394 3628 UNS - ok
13:39:30.0402 3628 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll
13:39:30.0419 3628 upnphost - ok
13:39:30.0423 3628 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
13:39:30.0432 3628 usbccgp - ok
13:39:30.0436 3628 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys
13:39:30.0451 3628 usbcir - ok
13:39:30.0455 3628 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys
13:39:30.0463 3628 usbehci - ok
13:39:30.0471 3628 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\Windows\System32\drivers\usbhub.sys
13:39:30.0487 3628 usbhub - ok
13:39:30.0494 3628 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
13:39:30.0508 3628 USBHUB3 - ok
13:39:30.0511 3628 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys
13:39:30.0531 3628 usbohci - ok
13:39:30.0534 3628 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys
13:39:30.0555 3628 usbprint - ok
13:39:30.0558 3628 [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:39:30.0578 3628 usbscan - ok
13:39:30.0582 3628 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
13:39:30.0591 3628 USBSTOR - ok
13:39:30.0594 3628 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
13:39:30.0602 3628 usbuhci - ok
13:39:30.0607 3628 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:39:30.0628 3628 usbvideo - ok
13:39:30.0635 3628 [ 11C0CF143D246E2F0E9BDBF17A0CC70B ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
13:39:30.0646 3628 USBXHCI - ok
13:39:30.0649 3628 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe
13:39:30.0658 3628 VaultSvc - ok
13:39:30.0661 3628 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:39:30.0668 3628 vdrvroot - ok
13:39:30.0678 3628 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe
13:39:30.0723 3628 vds - ok
13:39:30.0726 3628 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
13:39:30.0735 3628 VerifierExt - ok
13:39:30.0742 3628 [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
13:39:30.0757 3628 vhdmp - ok
13:39:30.0761 3628 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys
13:39:30.0768 3628 viaide - ok
13:39:30.0772 3628 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:39:30.0780 3628 vmbus - ok
13:39:30.0783 3628 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
13:39:30.0797 3628 VMBusHID - ok
13:39:30.0803 3628 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
13:39:30.0815 3628 vmicheartbeat - ok
13:39:30.0819 3628 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
13:39:30.0828 3628 vmickvpexchange - ok
13:39:30.0833 3628 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll
13:39:30.0842 3628 vmicrdv - ok
13:39:30.0846 3628 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll
13:39:30.0856 3628 vmicshutdown - ok
13:39:30.0860 3628 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
13:39:30.0870 3628 vmictimesync - ok
13:39:30.0874 3628 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
13:39:30.0884 3628 vmicvss - ok
13:39:30.0887 3628 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:39:30.0895 3628 volmgr - ok
13:39:30.0902 3628 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:39:30.0915 3628 volmgrx - ok
13:39:30.0921 3628 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:39:30.0933 3628 volsnap - ok
13:39:30.0937 3628 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
13:39:30.0944 3628 vpci - ok
13:39:30.0948 3628 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:39:30.0958 3628 vsmraid - ok
13:39:30.0983 3628 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe
13:39:31.0011 3628 VSS - ok
13:39:31.0017 3628 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
13:39:31.0028 3628 VSTXRAID - ok
13:39:31.0032 3628 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:39:31.0039 3628 vwifibus - ok
13:39:31.0042 3628 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:39:31.0051 3628 vwififlt - ok
13:39:31.0054 3628 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:39:31.0075 3628 vwifimp - ok
13:39:31.0081 3628 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
13:39:31.0108 3628 W32Time - ok
13:39:31.0111 3628 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
13:39:31.0119 3628 WacomPen - ok
13:39:31.0123 3628 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:39:31.0131 3628 Wanarp - ok
13:39:31.0133 3628 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:39:31.0140 3628 Wanarpv6 - ok
13:39:31.0172 3628 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
13:39:31.0209 3628 wbengine - ok
13:39:31.0215 3628 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:39:31.0227 3628 WbioSrvc - ok
13:39:31.0232 3628 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
13:39:31.0243 3628 Wcmsvc - ok
13:39:31.0250 3628 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:39:31.0277 3628 wcncsvc - ok
13:39:31.0280 3628 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:39:31.0303 3628 WcsPlugInService - ok
13:39:31.0306 3628 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
13:39:31.0313 3628 Wd - ok
13:39:31.0316 3628 [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
13:39:31.0324 3628 WdBoot - ok
13:39:31.0335 3628 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:39:31.0352 3628 Wdf01000 - ok
13:39:31.0357 3628 [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
13:39:31.0367 3628 WdFilter - ok
13:39:31.0371 3628 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:39:31.0384 3628 WdiServiceHost - ok
13:39:31.0387 3628 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:39:31.0400 3628 WdiSystemHost - ok
13:39:31.0405 3628 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll
13:39:31.0417 3628 WebClient - ok
13:39:31.0422 3628 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:39:31.0439 3628 Wecsvc - ok
13:39:31.0442 3628 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:39:31.0472 3628 wercplsupport - ok
13:39:31.0476 3628 [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc C:\Windows\System32\WerSvc.dll
13:39:31.0530 3628 WerSvc - ok
13:39:31.0538 3628 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
13:39:31.0549 3628 WFPLWFS - ok
13:39:31.0552 3628 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll
13:39:31.0574 3628 WiaRpc - ok
13:39:31.0577 3628 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:39:31.0584 3628 WIMMount - ok
13:39:31.0586 3628 WinDefend - ok
13:39:31.0599 3628 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
13:39:31.0624 3628 WinHttpAutoProxySvc - ok
13:39:31.0633 3628 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:39:31.0649 3628 Winmgmt - ok
13:39:31.0742 3628 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll
13:39:31.0795 3628 WinRM - ok
13:39:31.0800 3628 [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:39:31.0816 3628 WinUsb - ok
13:39:31.0831 3628 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll
13:39:31.0853 3628 WlanSvc - ok
13:39:31.0887 3628 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\Windows\system32\wlidsvc.dll
13:39:31.0937 3628 wlidsvc - ok
13:39:31.0941 3628 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
13:39:31.0948 3628 WmiAcpi - ok
13:39:31.0955 3628 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:39:31.0966 3628 wmiApSrv - ok
13:39:31.0968 3628 WMPNetworkSvc - ok
13:39:31.0973 3628 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
13:39:31.0988 3628 wpcfltr - ok
13:39:31.0991 3628 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:39:31.0999 3628 WPCSvc - ok
13:39:32.0004 3628 [ 3013658A4D327854BEEC4A08D9655194 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:39:32.0027 3628 WPDBusEnum - ok
13:39:32.0029 3628 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
13:39:32.0038 3628 WpdUpFltr - ok
13:39:32.0041 3628 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:39:32.0048 3628 ws2ifsl - ok
13:39:32.0052 3628 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\Windows\System32\wscsvc.dll
13:39:32.0066 3628 wscsvc - ok
13:39:32.0070 3628 [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys
13:39:32.0078 3628 WSDPrintDevice - ok
13:39:32.0081 3628 [ FA07DF46070F0826139709EF4D31FB71 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
13:39:32.0088 3628 WSDScan - ok
13:39:32.0090 3628 WSearch - ok
13:39:32.0131 3628 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll
13:39:32.0180 3628 WSService - ok
13:39:32.0221 3628 [ 79F95469604B77296346DE7DB463EA2A ] wuauserv C:\Windows\system32\wuaueng.dll
13:39:32.0273 3628 wuauserv - ok
13:39:32.0277 3628 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:39:32.0299 3628 WudfPf - ok
13:39:32.0304 3628 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
13:39:32.0320 3628 WUDFRd - ok
13:39:32.0324 3628 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP C:\Windows\system32\DRIVERS\WUDFRd.sys
13:39:32.0333 3628 WUDFSensorLP - ok
13:39:32.0337 3628 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:39:32.0364 3628 wudfsvc - ok
13:39:32.0368 3628 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
13:39:32.0377 3628 WUDFWpdFs - ok
13:39:32.0380 3628 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys
13:39:32.0389 3628 WUDFWpdMtp - ok
13:39:32.0396 3628 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:39:32.0415 3628 WwanSvc - ok
13:39:32.0420 3628 [ 756C298B03823F36A3F13FA398AD6F7F ] ZAtheros Wlan Agent C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
13:39:32.0423 3628 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - warning
13:39:32.0423 3628 ZAtheros Wlan Agent - detected UnsignedFile.Multi.Generic (1)
13:39:32.0430 3628 ================ Scan global ===============================
13:39:32.0434 3628 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
13:39:32.0438 3628 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
13:39:32.0443 3628 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
13:39:32.0451 3628 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
13:39:32.0456 3628 [Global] - ok
13:39:32.0456 3628 ================ Scan MBR ==================================
13:39:32.0472 3628 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
13:39:32.0563 3628 \Device\Harddisk0\DR0 - ok
13:39:32.0566 3628 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:39:32.0579 3628 \Device\Harddisk1\DR1 - ok
13:39:32.0580 3628 ================ Scan VBR ==================================
13:39:32.0583 3628 [ E3AEFDD93A1C99EFE54AF0EB05CA8DCC ] \Device\Harddisk0\DR0\Partition1
13:39:32.0584 3628 \Device\Harddisk0\DR0\Partition1 - ok
13:39:32.0589 3628 [ 9757C6EE8EF2136C8937567F90E2A88A ] \Device\Harddisk0\DR0\Partition2
13:39:32.0590 3628 \Device\Harddisk0\DR0\Partition2 - ok
13:39:32.0595 3628 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
13:39:32.0596 3628 \Device\Harddisk0\DR0\Partition3 - ok
13:39:32.0598 3628 [ D3E6FDEFC0A65B74DAFA160239C8EED3 ] \Device\Harddisk0\DR0\Partition4
13:39:32.0600 3628 \Device\Harddisk0\DR0\Partition4 - ok
13:39:32.0602 3628 [ CFCDFA84F33922BA43C0FE38DF7F8EA9 ] \Device\Harddisk0\DR0\Partition5
13:39:32.0603 3628 \Device\Harddisk0\DR0\Partition5 - ok
13:39:32.0606 3628 [ CE660213DA0BF83AD505213B74774C7B ] \Device\Harddisk0\DR0\Partition6
13:39:32.0607 3628 \Device\Harddisk0\DR0\Partition6 - ok
13:39:32.0609 3628 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
13:39:32.0609 3628 \Device\Harddisk1\DR1\Partition1 - ok
13:39:32.0610 3628 ============================================================
13:39:32.0610 3628 Scan finished
13:39:32.0610 3628 ============================================================
13:39:32.0617 9072 Detected object count: 4
13:39:32.0618 9072 Actual detected object count: 4
13:39:50.0881 9072 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:50.0881 9072 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:39:50.0881 9072 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:50.0881 9072 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:39:50.0882 9072 qca_shb ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:50.0882 9072 qca_shb ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:39:50.0883 9072 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:50.0883 9072 ZAtheros Wlan Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:41:28.0195 8764 Deinitialize success
|
|
03.05.2013, 23:29
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.05.2013, 19:41
| #13 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 8 x64
Ran by Tobias on 04.05.2013 at 20:26:47,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
~~~ Files
Failed to delete: [File] C:\eula.1028.txt
Failed to delete: [File] C:\eula.1031.txt
Failed to delete: [File] C:\eula.1033.txt
Failed to delete: [File] C:\eula.1036.txt
Failed to delete: [File] C:\eula.1040.txt
Failed to delete: [File] C:\eula.1041.txt
Failed to delete: [File] C:\eula.1042.txt
Failed to delete: [File] C:\eula.2052.txt
Failed to delete: [File] C:\install.res.1028.dll
Failed to delete: [File] C:\install.res.1031.dll
Failed to delete: [File] C:\install.res.1033.dll
Failed to delete: [File] C:\install.res.1036.dll
Failed to delete: [File] C:\install.res.1040.dll
Failed to delete: [File] C:\install.res.1041.dll
Failed to delete: [File] C:\install.res.1042.dll
Failed to delete: [File] C:\install.res.2052.dll
Failed to delete: [File] C:\install.res.3082.dll
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.05.2013 at 20:29:25,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Adaware Code:
ATTFilter # AdwCleaner v2.300 - Datei am 04/05/2013 um 20:34:08 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Tobias - LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tobias\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Tobias\AppData\Local\Temp\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0 (de)
Datei : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\j4nnumic.default-1365096878445\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\xmodwmin.default-1365096716503\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [14728 octets] - [04/04/2013 16:33:43]
AdwCleaner[S1].txt - [14786 octets] - [04/04/2013 16:34:00]
AdwCleaner[S2].txt - [1171 octets] - [04/05/2013 20:34:08]
########## EOF - C:\AdwCleaner[S2].txt - [1231 octets] ##########
Code:
ATTFilter OTL logfile created on: 04.05.2013 20:38:39 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobias\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 77,30% Memory free 11,76 Gb Paging File | 9,84 Gb Available in Paging File | 83,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,01 Gb Total Space | 850,62 Gb Free Space | 92,66% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Tobias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) PRC - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe () PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\f61cb86d40d67f10a44cd46f19f68246\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\07e482b2b9035605233f2cb72408d6b1\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\a91dc79bf846144ee47efc08e17bb3e2\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\500a5dd33bb40326f8ca43e385513ec2\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\ae639f7ba0abe58167f116c6c970514d\IAStorDataMgrSvcInterfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2158f85dac5dae9e6e4ddc20342769a7\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b82511e7c8cb919ca0dc6125489e03e2\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\115fb9d1fa2cbda89742b1c2a0631396\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll () MOD - C:\Windows\libactivboardex.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtXml4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtGui4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtNetwork4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtCore4.dll () MOD - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe () ========== Services (SafeList) ========== SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (SftService) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (Intel(R) -- c:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\Drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\Drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated) DRV:64bit: - (DellRbtn) -- C:\Windows\SysNative\Drivers\DellRbtn.sys (OSR Open Systems Resources, Inc.) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (qca_shb) -- C:\Windows\SysNative\Drivers\qca_shb.sys (Qualcomm Atheros Communications Inc.) DRV:64bit: - (lehidmini) -- C:\Windows\SysNative\Drivers\leath_hid.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (AthDfu) -- C:\Windows\SysNative\Drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (ST_Accel) -- C:\Windows\SysNative\Drivers\ST_Accel.sys (STMicroelectronics) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\Drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (prmvmouse) -- C:\Windows\SysNative\Drivers\activmouse.sys (Promethean Technologies Ltd) DRV:64bit: - (ActivHidSerMini) -- C:\Windows\SysNative\Drivers\activhidsermini.sys (Promethean Technologies Ltd) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{ED2F4835-F194-4914-BA3A-830A7D92DA4B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{ED2F4835-F194-4914-BA3A-830A7D92DA4B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes,DefaultScope = {0F0A6FAC-CB9E-45E5-A9FA-44266D885144} IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{0F0A6FAC-CB9E-45E5-A9FA-44266D885144}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{78235E1E-A95E-4AE3-8189-1E3516193257}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{7D68CED7-68F1-4AAC-BB6C-9203C21E07E8}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{A82772B2-62A0-4908-91F0-CCF979E0C903}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{CB8AFD95-9DFC-482B-A59D-DCEDBA8F7573}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{D2DC595E-B89B-4CAD-AEAD-76F424DD5C05}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 15:46:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sparpilot@sparpilot.com: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\bvl1jeik.default\extensions\sparpilot@sparpilot.com FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 15:46:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.26 22:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions [2013.04.04 15:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.04 15:46:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.28 14:07:16 | 000,001,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.28 14:07:16 | 000,001,936 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.28 14:07:16 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.28 14:07:16 | 000,007,052 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.28 14:07:16 | 000,001,279 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.28 14:07:16 | 000,001,171 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ActivControl] C:\Programme\Activ Software\ActivDriver\ActivControl2x64.exe (Promethean Technologies Group Ltd) O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..Trusted Domains: dell.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BC66AB-6FA1-45E9-A489-875FE8C55750}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.04 20:36:23 | 000,000,000 | R--D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.05.04 20:26:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.04 20:26:36 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.04 20:25:50 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Tobias\Desktop\JRT.exe [2013.05.03 13:37:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tobias\Desktop\tdsskiller.exe [2013.05.03 13:33:18 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Tobias\Desktop\aswMBR.exe [2013.05.02 13:44:53 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\mbar-1.05.0.1001 [2013.05.01 20:05:51 | 000,613,216 | ---- | C] (www.download-sponsor.de) -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip.exe [2013.05.01 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\mathegrafix [2013.05.01 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MatheGrafix [2013.05.01 20:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MatheGrafix [2013.04.29 23:45:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2013.04.29 16:50:24 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes [2013.04.29 16:50:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.25 19:11:20 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Activstudio3 [2013.04.22 19:47:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Identities [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Ogmyx [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Noiw [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Bykat [2013.04.15 20:04:07 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC [2013.04.15 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC Sync [2013.04.15 20:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2013.04.15 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\HTC MediaHub [2013.04.15 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\HTC [2013.04.15 20:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2013.04.15 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.04.15 20:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2013.04.15 20:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2013.04.15 20:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2013.04.15 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Downloaded Installations [2013.04.14 18:35:29 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013.04.14 18:35:26 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.04.14 18:35:25 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.04.14 18:35:25 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.04.14 18:35:23 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013.04.14 18:35:23 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013.04.14 18:35:22 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.14 18:35:22 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013.04.14 18:35:22 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013.04.14 18:35:22 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013.04.14 18:35:22 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013.04.14 18:35:21 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013.04.14 18:35:20 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013.04.14 18:35:20 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013.04.14 18:35:19 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.14 18:35:19 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.04.14 18:35:19 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.04.14 18:35:19 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013.04.14 18:35:19 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013.04.14 18:35:19 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll [2013.04.14 18:35:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013.04.14 18:35:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013.04.14 18:35:18 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013.04.14 18:35:18 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013.04.14 18:35:18 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.04.14 18:35:18 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.04.14 18:35:17 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013.04.14 18:35:16 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013.04.14 18:35:16 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013.04.14 18:35:16 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013.04.14 18:35:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.04.14 18:35:16 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013.04.14 18:35:15 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.04.14 18:35:15 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.04.14 18:35:15 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013.04.14 18:35:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.04.14 18:35:14 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.04.14 18:35:14 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013.04.14 18:35:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.04.14 18:35:13 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.04.14 18:35:13 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013.04.14 18:35:13 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.04.14 18:35:13 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013.04.14 18:35:13 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013.04.14 18:35:13 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013.04.14 18:35:13 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013.04.14 18:35:13 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013.04.14 18:35:13 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.04.14 18:35:12 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013.04.14 18:35:12 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe [2013.04.14 18:35:12 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013.04.14 18:35:12 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013.04.14 18:35:12 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.04.14 18:35:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013.04.14 18:35:11 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013.04.14 18:35:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013.04.14 18:35:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013.04.14 18:35:10 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.04.14 18:35:10 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013.04.14 18:35:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013.04.14 18:35:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013.04.14 18:35:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.04.14 18:35:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013.04.14 18:35:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.04.14 18:35:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013.04.14 18:35:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013.04.10 13:38:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 13:38:23 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.04.10 13:38:23 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 13:38:23 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 13:38:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 13:38:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.10 13:38:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.10 13:38:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.10 13:38:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.10 13:38:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.10 13:38:13 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 13:38:09 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013.04.10 13:38:09 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013.04.07 19:33:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Google [2013.04.05 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.04.05 18:45:49 | 000,000,000 | ---D | C] -- C:\_OTL ========== Files - Modified Within 30 Days ========== [2013.05.04 20:37:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.04 20:35:13 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.04 20:35:10 | 2474,426,367 | -HS- | M] () -- C:\hiberfil.sys [2013.05.04 20:33:48 | 000,628,743 | ---- | M] () -- C:\Users\Tobias\Desktop\adwcleaner.exe [2013.05.04 20:25:52 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Tobias\Desktop\JRT.exe [2013.05.04 20:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.03 13:37:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tobias\Desktop\tdsskiller.exe [2013.05.03 13:37:20 | 000,000,512 | ---- | M] () -- C:\Users\Tobias\Desktop\MBR.dat [2013.05.03 13:34:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Tobias\Desktop\aswMBR.exe [2013.05.02 13:49:38 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.02 13:49:38 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.02 13:49:38 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.02 13:49:38 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.02 13:49:38 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.02 13:46:49 | 000,014,382 | ---- | M] () -- C:\Users\Tobias\Desktop\Meldung 2.png [2013.05.02 13:44:44 | 012,917,756 | ---- | M] () -- C:\Users\Tobias\Desktop\mbar-1.05.0.1001.zip [2013.05.02 13:38:22 | 000,008,519 | ---- | M] () -- C:\Users\Tobias\Desktop\meldung 1.png [2013.05.02 13:34:08 | 000,377,856 | ---- | M] () -- C:\Users\Tobias\Desktop\gmer_2.1.19163.exe [2013.05.01 20:11:28 | 000,186,594 | ---- | M] () -- C:\Users\Tobias\Desktop\001.jpg [2013.05.01 20:08:59 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\MatheGrafix 9.lnk [2013.05.01 20:08:12 | 000,002,068 | ---- | M] () -- C:\Users\Tobias\Desktop\MatheGrafix 9.50 Setup.lnk [2013.05.01 20:07:06 | 001,891,961 | ---- | M] () -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip [2013.05.01 20:05:51 | 000,613,216 | ---- | M] (www.download-sponsor.de) -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip.exe [2013.04.29 23:45:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2013.04.29 17:53:08 | 000,097,615 | ---- | M] () -- C:\Users\Tobias\Desktop\Unbenannt.png [2013.04.29 17:21:56 | 000,925,933 | ---- | M] () -- C:\Users\Tobias\Desktop\IMAG1258.jpg [2013.04.29 16:50:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 18:21:18 | 000,082,947 | ---- | M] () -- C:\Users\Tobias\Desktop\Trojanermeldung.jpg [2013.04.22 19:00:16 | 000,443,274 | ---- | M] () -- C:\Users\Tobias\Desktop\FUSSBALL---CL-Bayern-vs-Barcelona_1366568735899308.jpg [2013.04.20 22:24:58 | 001,399,026 | ---- | M] () -- C:\Users\Tobias\Desktop\Chihuahua.png [2013.04.20 14:25:56 | 000,031,088 | ---- | M] () -- C:\Users\Tobias\Desktop\n_real_madrid_anti_barca-5230586.jpg [2013.04.17 21:29:29 | 000,371,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 19:32:10 | 000,192,164 | ---- | M] () -- C:\Users\Tobias\Desktop\Gästebuchseite Carolina und Tobias.pdf [2013.04.08 00:15:57 | 000,114,861 | ---- | M] () -- C:\Users\Tobias\Desktop\398177_3839145107751_1687868109_n.jpg [2013.04.07 22:26:55 | 000,069,102 | ---- | M] () -- C:\Users\Tobias\Desktop\431075_3189390104282_2085569437_n.jpg [2013.04.05 19:58:32 | 000,001,173 | ---- | M] () -- C:\Users\Tobias\Desktop\Google Talk.lnk ========== Files Created - No Company Name ========== [2013.05.04 20:33:48 | 000,628,743 | ---- | C] () -- C:\Users\Tobias\Desktop\adwcleaner.exe [2013.05.03 13:37:20 | 000,000,512 | ---- | C] () -- C:\Users\Tobias\Desktop\MBR.dat [2013.05.02 13:46:49 | 000,014,382 | ---- | C] () -- C:\Users\Tobias\Desktop\Meldung 2.png [2013.05.02 13:44:29 | 012,917,756 | ---- | C] () -- C:\Users\Tobias\Desktop\mbar-1.05.0.1001.zip [2013.05.02 13:38:22 | 000,008,519 | ---- | C] () -- C:\Users\Tobias\Desktop\meldung 1.png [2013.05.02 13:34:08 | 000,377,856 | ---- | C] () -- C:\Users\Tobias\Desktop\gmer_2.1.19163.exe [2013.05.01 20:08:12 | 000,002,068 | ---- | C] () -- C:\Users\Tobias\Desktop\MatheGrafix 9.50 Setup.lnk [2013.05.01 20:07:04 | 001,891,961 | ---- | C] () -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip [2013.05.01 20:04:01 | 000,186,594 | ---- | C] () -- C:\Users\Tobias\Desktop\001.jpg [2013.05.01 20:02:56 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\MatheGrafix 9.lnk [2013.04.29 17:53:08 | 000,097,615 | ---- | C] () -- C:\Users\Tobias\Desktop\Unbenannt.png [2013.04.29 17:21:56 | 000,925,933 | ---- | C] () -- C:\Users\Tobias\Desktop\IMAG1258.jpg [2013.04.29 16:50:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 18:21:18 | 000,082,947 | ---- | C] () -- C:\Users\Tobias\Desktop\Trojanermeldung.jpg [2013.04.22 19:00:23 | 000,443,274 | ---- | C] () -- C:\Users\Tobias\Desktop\FUSSBALL---CL-Bayern-vs-Barcelona_1366568735899308.jpg [2013.04.20 22:24:58 | 001,399,026 | ---- | C] () -- C:\Users\Tobias\Desktop\Chihuahua.png [2013.04.20 14:28:29 | 000,031,088 | ---- | C] () -- C:\Users\Tobias\Desktop\n_real_madrid_anti_barca-5230586.jpg [2013.04.14 19:32:09 | 000,192,164 | ---- | C] () -- C:\Users\Tobias\Desktop\Gästebuchseite Carolina und Tobias.pdf [2013.04.14 18:35:10 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.04.13 00:12:41 | 000,371,240 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 00:16:08 | 000,114,861 | ---- | C] () -- C:\Users\Tobias\Desktop\398177_3839145107751_1687868109_n.jpg [2013.04.07 22:27:06 | 000,069,102 | ---- | C] () -- C:\Users\Tobias\Desktop\431075_3189390104282_2085569437_n.jpg [2013.04.05 19:58:32 | 000,001,173 | ---- | C] () -- C:\Users\Tobias\Desktop\Google Talk.lnk [2013.03.28 14:07:16 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.18 18:50:06 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll [2013.02.18 18:50:06 | 000,011,362 | ---- | C] () -- C:\Windows\SysWow64\mingwm10.dll [2012.12.31 15:29:23 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.12.31 15:29:20 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.31 15:29:19 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.31 14:52:09 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.11.27 05:11:06 | 001,774,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 21:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012.12.26 22:38:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
04.05.2013, 19:43
| #14 |
| | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner OTL.Txt Code:
ATTFilter OTL logfile created on: 04.05.2013 20:38:39 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobias\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 77,30% Memory free 11,76 Gb Paging File | 9,84 Gb Available in Paging File | 83,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,01 Gb Total Space | 850,62 Gb Free Space | 92,66% Space Free | Partition Type: NTFS Computer Name: LAPTOP | User Name: Tobias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobias\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Intel) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) PRC - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe () PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\f61cb86d40d67f10a44cd46f19f68246\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9c95779cc3d65cda80695cabc367476b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\07e482b2b9035605233f2cb72408d6b1\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\a91dc79bf846144ee47efc08e17bb3e2\UIAutomationTypes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\500a5dd33bb40326f8ca43e385513ec2\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\ae639f7ba0abe58167f116c6c970514d\IAStorDataMgrSvcInterfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2158f85dac5dae9e6e4ddc20342769a7\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9a4fc56833542881e7e451a099562655\System.ServiceModel.Internals.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\89cc9825811c2121acd4e2e12c0ef044\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b82511e7c8cb919ca0dc6125489e03e2\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\115fb9d1fa2cbda89742b1c2a0631396\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf7db4fae047127374f220b4f59bea45\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\38638a559066bf7f2325a53ed53629bc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\6824c9f11ea82b4148780cd92c9d6745\PresentationFramework.Aero2.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\38b47b5452863bcadb6b731fe6c5198f\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll () MOD - C:\Windows\libactivboardex.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtXml4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtGui4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtNetwork4.dll () MOD - C:\Programme\Activ Software\ActivDriver\QtCore4.dll () MOD - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe () ========== Services (SafeList) ========== SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Garmin Core Update Service) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries) SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (SftService) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks SAS) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (AtherosSvc) -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Atheros) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (Intel(R) -- c:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\Drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\Drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\Drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated) DRV:64bit: - (DellRbtn) -- C:\Windows\SysNative\Drivers\DellRbtn.sys (OSR Open Systems Resources, Inc.) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\Drivers\irstrtdv.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (qca_shb) -- C:\Windows\SysNative\Drivers\qca_shb.sys (Qualcomm Atheros Communications Inc.) DRV:64bit: - (lehidmini) -- C:\Windows\SysNative\Drivers\leath_hid.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (AthDfu) -- C:\Windows\SysNative\Drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (ST_Accel) -- C:\Windows\SysNative\Drivers\ST_Accel.sys (STMicroelectronics) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\Drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (prmvmouse) -- C:\Windows\SysNative\Drivers\activmouse.sys (Promethean Technologies Ltd) DRV:64bit: - (ActivHidSerMini) -- C:\Windows\SysNative\Drivers\activhidsermini.sys (Promethean Technologies Ltd) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{ED2F4835-F194-4914-BA3A-830A7D92DA4B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{ED2F4835-F194-4914-BA3A-830A7D92DA4B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes,DefaultScope = {0F0A6FAC-CB9E-45E5-A9FA-44266D885144} IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{0F0A6FAC-CB9E-45E5-A9FA-44266D885144}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{78235E1E-A95E-4AE3-8189-1E3516193257}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{7D68CED7-68F1-4AAC-BB6C-9203C21E07E8}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{A82772B2-62A0-4908-91F0-CCF979E0C903}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{CB8AFD95-9DFC-482B-A59D-DCEDBA8F7573}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..\SearchScopes\{D2DC595E-B89B-4CAD-AEAD-76F424DD5C05}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=38fe0836-abaf-4b2a-8873-eb4c67f017a2&pid=sharewarede&mode=bounce&k=0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 15:46:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sparpilot@sparpilot.com: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\bvl1jeik.default\extensions\sparpilot@sparpilot.com FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.04 15:46:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.26 22:33:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\mozilla\Extensions [2013.04.04 15:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.04 15:46:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.28 14:07:16 | 000,001,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.28 14:07:16 | 000,001,936 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.28 14:07:16 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.28 14:07:16 | 000,007,052 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.28 14:07:16 | 000,001,279 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.28 14:07:16 | 000,001,171 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ActivControl] C:\Programme\Activ Software\ActivDriver\ActivControl2x64.exe (Promethean Technologies Group Ltd) O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3420757673-3117285941-3436604316-1002\..Trusted Domains: dell.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BC66AB-6FA1-45E9-A489-875FE8C55750}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.04 20:36:23 | 000,000,000 | R--D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.05.04 20:26:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.04 20:26:36 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.04 20:25:50 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Tobias\Desktop\JRT.exe [2013.05.03 13:37:48 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tobias\Desktop\tdsskiller.exe [2013.05.03 13:33:18 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Tobias\Desktop\aswMBR.exe [2013.05.02 13:44:53 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\mbar-1.05.0.1001 [2013.05.01 20:05:51 | 000,613,216 | ---- | C] (www.download-sponsor.de) -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip.exe [2013.05.01 20:03:05 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\mathegrafix [2013.05.01 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MatheGrafix [2013.05.01 20:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MatheGrafix [2013.04.29 23:45:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2013.04.29 16:50:24 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Malwarebytes [2013.04.29 16:50:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.29 16:50:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.25 19:11:20 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\Activstudio3 [2013.04.22 19:47:36 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Identities [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Ogmyx [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Noiw [2013.04.22 19:47:12 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Bykat [2013.04.15 20:04:07 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC [2013.04.15 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\HTC Sync [2013.04.15 20:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC [2013.04.15 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\HTC MediaHub [2013.04.15 20:02:44 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Documents\HTC [2013.04.15 20:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola [2013.04.15 20:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.04.15 20:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC [2013.04.15 20:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications [2013.04.15 20:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC [2013.04.15 20:01:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Downloaded Installations [2013.04.14 18:35:29 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013.04.14 18:35:26 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.04.14 18:35:25 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.04.14 18:35:25 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.04.14 18:35:23 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013.04.14 18:35:23 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013.04.14 18:35:22 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.14 18:35:22 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013.04.14 18:35:22 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013.04.14 18:35:22 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013.04.14 18:35:22 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013.04.14 18:35:21 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013.04.14 18:35:20 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013.04.14 18:35:20 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013.04.14 18:35:19 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.14 18:35:19 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.04.14 18:35:19 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.04.14 18:35:19 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013.04.14 18:35:19 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013.04.14 18:35:19 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll [2013.04.14 18:35:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013.04.14 18:35:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013.04.14 18:35:18 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013.04.14 18:35:18 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013.04.14 18:35:18 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.04.14 18:35:18 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.04.14 18:35:17 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013.04.14 18:35:16 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013.04.14 18:35:16 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013.04.14 18:35:16 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013.04.14 18:35:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.04.14 18:35:16 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013.04.14 18:35:15 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.04.14 18:35:15 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.04.14 18:35:15 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013.04.14 18:35:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.04.14 18:35:14 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.04.14 18:35:14 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013.04.14 18:35:14 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.04.14 18:35:13 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.04.14 18:35:13 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013.04.14 18:35:13 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013.04.14 18:35:13 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013.04.14 18:35:13 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013.04.14 18:35:13 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013.04.14 18:35:13 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013.04.14 18:35:13 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013.04.14 18:35:13 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.04.14 18:35:12 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013.04.14 18:35:12 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe [2013.04.14 18:35:12 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013.04.14 18:35:12 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013.04.14 18:35:12 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.04.14 18:35:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013.04.14 18:35:11 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013.04.14 18:35:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013.04.14 18:35:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013.04.14 18:35:10 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.04.14 18:35:10 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013.04.14 18:35:10 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013.04.14 18:35:10 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013.04.14 18:35:10 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.04.14 18:35:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013.04.14 18:35:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.04.14 18:35:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013.04.14 18:35:10 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013.04.10 13:38:27 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 13:38:23 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.04.10 13:38:23 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 13:38:23 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 13:38:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 13:38:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.10 13:38:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.10 13:38:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.10 13:38:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.10 13:38:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.10 13:38:13 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 13:38:09 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013.04.10 13:38:09 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013.04.07 19:33:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk [2013.04.05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\Tobias\AppData\Local\Google [2013.04.05 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.04.05 18:45:49 | 000,000,000 | ---D | C] -- C:\_OTL ========== Files - Modified Within 30 Days ========== [2013.05.04 20:37:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.04 20:35:13 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.04 20:35:10 | 2474,426,367 | -HS- | M] () -- C:\hiberfil.sys [2013.05.04 20:33:48 | 000,628,743 | ---- | M] () -- C:\Users\Tobias\Desktop\adwcleaner.exe [2013.05.04 20:25:52 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Tobias\Desktop\JRT.exe [2013.05.04 20:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.03 13:37:48 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tobias\Desktop\tdsskiller.exe [2013.05.03 13:37:20 | 000,000,512 | ---- | M] () -- C:\Users\Tobias\Desktop\MBR.dat [2013.05.03 13:34:37 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Tobias\Desktop\aswMBR.exe [2013.05.02 13:49:38 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.02 13:49:38 | 000,754,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.02 13:49:38 | 000,711,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.02 13:49:38 | 000,156,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.02 13:49:38 | 000,133,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.02 13:46:49 | 000,014,382 | ---- | M] () -- C:\Users\Tobias\Desktop\Meldung 2.png [2013.05.02 13:44:44 | 012,917,756 | ---- | M] () -- C:\Users\Tobias\Desktop\mbar-1.05.0.1001.zip [2013.05.02 13:38:22 | 000,008,519 | ---- | M] () -- C:\Users\Tobias\Desktop\meldung 1.png [2013.05.02 13:34:08 | 000,377,856 | ---- | M] () -- C:\Users\Tobias\Desktop\gmer_2.1.19163.exe [2013.05.01 20:11:28 | 000,186,594 | ---- | M] () -- C:\Users\Tobias\Desktop\001.jpg [2013.05.01 20:08:59 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\MatheGrafix 9.lnk [2013.05.01 20:08:12 | 000,002,068 | ---- | M] () -- C:\Users\Tobias\Desktop\MatheGrafix 9.50 Setup.lnk [2013.05.01 20:07:06 | 001,891,961 | ---- | M] () -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip [2013.05.01 20:05:51 | 000,613,216 | ---- | M] (www.download-sponsor.de) -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip.exe [2013.04.29 23:45:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobias\Desktop\OTL.exe [2013.04.29 17:53:08 | 000,097,615 | ---- | M] () -- C:\Users\Tobias\Desktop\Unbenannt.png [2013.04.29 17:21:56 | 000,925,933 | ---- | M] () -- C:\Users\Tobias\Desktop\IMAG1258.jpg [2013.04.29 16:50:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 18:21:18 | 000,082,947 | ---- | M] () -- C:\Users\Tobias\Desktop\Trojanermeldung.jpg [2013.04.22 19:00:16 | 000,443,274 | ---- | M] () -- C:\Users\Tobias\Desktop\FUSSBALL---CL-Bayern-vs-Barcelona_1366568735899308.jpg [2013.04.20 22:24:58 | 001,399,026 | ---- | M] () -- C:\Users\Tobias\Desktop\Chihuahua.png [2013.04.20 14:25:56 | 000,031,088 | ---- | M] () -- C:\Users\Tobias\Desktop\n_real_madrid_anti_barca-5230586.jpg [2013.04.17 21:29:29 | 000,371,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.14 19:32:10 | 000,192,164 | ---- | M] () -- C:\Users\Tobias\Desktop\Gästebuchseite Carolina und Tobias.pdf [2013.04.08 00:15:57 | 000,114,861 | ---- | M] () -- C:\Users\Tobias\Desktop\398177_3839145107751_1687868109_n.jpg [2013.04.07 22:26:55 | 000,069,102 | ---- | M] () -- C:\Users\Tobias\Desktop\431075_3189390104282_2085569437_n.jpg [2013.04.05 19:58:32 | 000,001,173 | ---- | M] () -- C:\Users\Tobias\Desktop\Google Talk.lnk ========== Files Created - No Company Name ========== [2013.05.04 20:33:48 | 000,628,743 | ---- | C] () -- C:\Users\Tobias\Desktop\adwcleaner.exe [2013.05.03 13:37:20 | 000,000,512 | ---- | C] () -- C:\Users\Tobias\Desktop\MBR.dat [2013.05.02 13:46:49 | 000,014,382 | ---- | C] () -- C:\Users\Tobias\Desktop\Meldung 2.png [2013.05.02 13:44:29 | 012,917,756 | ---- | C] () -- C:\Users\Tobias\Desktop\mbar-1.05.0.1001.zip [2013.05.02 13:38:22 | 000,008,519 | ---- | C] () -- C:\Users\Tobias\Desktop\meldung 1.png [2013.05.02 13:34:08 | 000,377,856 | ---- | C] () -- C:\Users\Tobias\Desktop\gmer_2.1.19163.exe [2013.05.01 20:08:12 | 000,002,068 | ---- | C] () -- C:\Users\Tobias\Desktop\MatheGrafix 9.50 Setup.lnk [2013.05.01 20:07:04 | 001,891,961 | ---- | C] () -- C:\Users\Tobias\Desktop\setup_mathegrafix950de.zip [2013.05.01 20:04:01 | 000,186,594 | ---- | C] () -- C:\Users\Tobias\Desktop\001.jpg [2013.05.01 20:02:56 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\MatheGrafix 9.lnk [2013.04.29 17:53:08 | 000,097,615 | ---- | C] () -- C:\Users\Tobias\Desktop\Unbenannt.png [2013.04.29 17:21:56 | 000,925,933 | ---- | C] () -- C:\Users\Tobias\Desktop\IMAG1258.jpg [2013.04.29 16:50:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.28 18:21:18 | 000,082,947 | ---- | C] () -- C:\Users\Tobias\Desktop\Trojanermeldung.jpg [2013.04.22 19:00:23 | 000,443,274 | ---- | C] () -- C:\Users\Tobias\Desktop\FUSSBALL---CL-Bayern-vs-Barcelona_1366568735899308.jpg [2013.04.20 22:24:58 | 001,399,026 | ---- | C] () -- C:\Users\Tobias\Desktop\Chihuahua.png [2013.04.20 14:28:29 | 000,031,088 | ---- | C] () -- C:\Users\Tobias\Desktop\n_real_madrid_anti_barca-5230586.jpg [2013.04.14 19:32:09 | 000,192,164 | ---- | C] () -- C:\Users\Tobias\Desktop\Gästebuchseite Carolina und Tobias.pdf [2013.04.14 18:35:10 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.04.13 00:12:41 | 000,371,240 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 00:16:08 | 000,114,861 | ---- | C] () -- C:\Users\Tobias\Desktop\398177_3839145107751_1687868109_n.jpg [2013.04.07 22:27:06 | 000,069,102 | ---- | C] () -- C:\Users\Tobias\Desktop\431075_3189390104282_2085569437_n.jpg [2013.04.05 19:58:32 | 000,001,173 | ---- | C] () -- C:\Users\Tobias\Desktop\Google Talk.lnk [2013.03.28 14:07:16 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.18 18:50:06 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll [2013.02.18 18:50:06 | 000,011,362 | ---- | C] () -- C:\Windows\SysWow64\mingwm10.dll [2012.12.31 15:29:23 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.12.31 15:29:20 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.31 15:29:19 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.31 14:52:09 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.11.27 05:11:06 | 001,774,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 21:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012.12.26 22:38:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.05.2013 20:38:39 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobias\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 77,30% Memory free
11,76 Gb Paging File | 9,84 Gb Available in Paging File | 83,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,01 Gb Total Space | 850,62 Gb Free Space | 92,66% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: Tobias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{169CAB87-E026-4F2C-B521-24C8D336E1C7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D8ADC7AD-1673-420C-B849-D6EC445F6055}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{093E8F08-2E6E-4885-8584-3B574D8B3014}" = dir=out | name=windows_ie_ac_001 |
"{1D66BB35-F213-4AB4-92DE-9800E07DB38B}" = dir=out | name=canon inkjet print utility |
"{202E985E-2AE5-4329-89BA-BB52548192B8}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{33A8FB75-7635-4C4E-B9B5-159B9AAF0D9D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{382355C1-0610-4D20-BE49-EAE25CF7484D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{3A47C8C4-A8AE-4738-9018-66FFA36A36A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4A06B972-F17F-4646-90AB-4D6C3E3C7B9A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CF6F3D4-146E-4EA8-B5C8-FBA221CC9553}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{5C80BA88-709D-4026-B251-5D7BCFB94654}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{64A94188-76F4-404E-B6E9-3FEB3E4FA1AB}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{69C3B709-2AAD-4346-81D3-903501B35D80}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{69CC585C-D68C-4A9E-BC64-8D14EDE375F9}" = dir=out | name=amazon |
"{6AFB6C12-56A3-4ED1-A7DB-DD9968C26CE6}" = dir=out | name=@{microsoft.bingfinance_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{70E63936-51B0-4F68-A3D2-8B8AFE47DED0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"{74854249-942E-4FC4-BB58-0262615CCDBC}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{840FF1FA-6B16-4509-A19F-7F8032F01ED4}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{84F679BB-7DB8-45F3-92E9-AAE3916458C2}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{8A71BD71-3D61-4CED-AB8F-E8D67428D7DA}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{8D71ABE7-AD8F-4CC1-8AF4-8BB9204502C8}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{8F11F125-8B65-4076-ADA3-5EE43FC8D99A}" = dir=out | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |
"{8FD4F029-0442-4BEA-B9CF-9D9007469D10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9578106C-9EE7-4E22-8D7B-1D66963E8FAC}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{9A2DFF45-46BB-443B-A221-B8C2B2DE48DB}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{9C35E53B-E5AE-41FA-9A68-6ADADAA4014C}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{9FA0D4F5-CAFC-4C60-8EE7-B4F7E62CB9BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B0C2FAB4-38FF-453A-9457-ED4040AC5944}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B2EDEDF0-942A-4976-A771-BA1D22D19830}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{B40576A6-86A7-4B08-BD96-A795BB27192E}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B588D2B8-787A-4CC6-B567-B284343925E9}" = protocol=6 | dir=out | app=c:\program files (x86)\dell wireless\bluetooth suite\win7ui.exe |
"{B939E87F-2EDD-480B-84F1-2A658EBBCB4A}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B94E98C3-D6D6-47F6-A502-40BA20CBE7FD}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{BDC33094-F55F-4333-93A5-3F769409A18F}" = dir=in | app=c:\program files\intel\ccdashboard\bin\ccdashserver.exe |
"{BE8538ED-00C8-4F6D-BF5D-7FEB55F9B937}" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"{C0A4A7FA-F85E-405A-989D-366ECEADEB09}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CEE74EB8-8225-4038-AB9C-99BC3344ABC6}" = dir=out | app=c:\program files\intel\ccdashboard\bin\ccdashserver.exe |
"{D101E1A4-B34A-4DDF-A875-491E193BDF84}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D43B6251-F391-4899-9EA6-036C8083A7AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E05484E0-9983-47C0-B27F-4147A644FFB9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{E2245222-A5AB-47C0-BFBA-C2BA2265F1F1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E3CB73E9-B2F6-43C9-9F57-6392BBF94AA1}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB54801A-400F-4D1A-BA33-778B9DD0D8AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EEFDD00C-02ED-4E23-8C46-D424D988AA5F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F424B582-9FED-49DF-BB10-C39E978220C9}" = dir=out | name=kindle |
"{F47D1D7D-F5D6-43DB-BDFF-D4C4815BAB52}" = dir=in | app=c:\program files\intel\ccdashboard\bin\ccdash.exe |
"{F52F537B-CA7E-4F52-A203-A2BE208C500E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{F705904D-67B5-4AA5-9C15-C7E6A8750214}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{FBCA0647-7264-41E0-8D2B-2BEBFB32B969}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FE5C2605-0D77-48D1-8F20-C3EE0DA7A766}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"TCP Query User{1E67DBD2-E7D3-4DA9-B158-DCE2187EEF1E}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
"TCP Query User{22D85C89-0A9E-47B8-80CD-A3126271BB3B}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"TCP Query User{6140E125-D43F-4B0C-9AE7-DBB687CED61C}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{57657133-390A-434E-8DA0-917B7BDE6D23}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{5A8DF095-4AB5-479E-A83C-E5739253C3D0}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe |
"UDP Query User{CF65841C-15AD-4F88-9F0F-64BA837E372E}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell wireless\bluetooth suite\bttray.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E741267-F54B-4b3a-A7B6-1D1A156E385E}" = Intel(R) My WiFi Dashboard
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C0DF4742-0002-4D89-A8DE-899F5786F38B}" = ActivDriver x64 v5.5
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F7A70D00-F283-45C8-B163-49EC365D7E27}" = DSC/AA Factory Installer
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"PC-Doctor for Windows" = Dell Support Center
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{20F2FB2A-1FE4-4A40-96E8-87402B490E12}" = ActivInspire Help (DEU) v1
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2730415C-DEAE-4C1A-B81E-B74778D2BF81}" = Garmin Update Service
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{28061CAB-657B-44C8-BBA9-DFC463D617B7}" = Activstudio Ressourcen (DEU) v3.5.1
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2E761107-F629-425A-B323-27622F813EC4}" = Activstudio Dokumente (DEU) v3.7.1
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6c14a7ec-7ed6-47f1-bb64-afc001a60a24}" = Garmin Express
"{6EA9DEAF-B633-44B8-89F6-2EF0C4944A19}" = ActivInspire v1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{782E1916-7A78-47F7-9AF3-2233B83026F2}" = ActivInspire HWR Resources (INT) v1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{929B1254-D7F9-403A-8234-EE348E448820}" = Activstudio Professional Edition v3.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B543A7E3-943D-4E9B-9222-D7B04447E64D}" = Elevated Installer
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9EF7417-8625-483D-A2D3-687C2EF83138}" = Garmin Express
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56F50A2-451B-47A6-9542-1225DAFA1831}" = Garmin Express Tray
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F98C1A22-FD23-43DB-837D-54DBED3709DC}" = Activstudio Hilfe (DEU) v3.6.1
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"GeoGebra 4.2" = GeoGebra 4.2
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MatheGrafix 9_is1" = MatheGrafix 9 (Version 9.50)
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SopCast" = SopCast 3.2.9
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3420757673-3117285941-3436604316-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.04.2013 13:14:57 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: a7261de2-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:58 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: a742d28e-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 25.04.2013 13:14:58 | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16537,
Zeitstempel: 0x512347f7 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16451,
Zeitstempel: 0x50988950 Ausnahmecode: 0x80000003 Fehleroffset: 0x00089bfc ID des fehlerhaften
Prozesses: 0x3350 Startzeit der fehlerhaften Anwendung: 0x01ce41d7d998e237 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: a761aa69-adcb-11e2-be82-689423b9616c
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 26.04.2013 16:02:58 | Computer Name = Laptop | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 28.04.2013 13:20:09 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.04.2013 13:20:09 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1094
Error - 28.04.2013 13:20:09 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1094
Error - 28.04.2013 14:00:41 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.04.2013 14:00:41 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2433250
Error - 28.04.2013 14:00:41 | Computer Name = Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2433250
[ System Events ]
Error - 22.04.2013 13:36:55 | Computer Name = Laptop | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
lautet: 900.
Error - 22.04.2013 13:48:05 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =
Error - 23.04.2013 07:31:07 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.04.2013 07:43:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.04.2013 07:44:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.04.2013 07:44:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.04.2013 07:45:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.04.2013 07:45:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.04.2013 07:46:08 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.04.2013 07:46:38 | Computer Name = Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
|
|
04.05.2013, 22:19
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/Dropper.gen gefunden, wie entferne ich diesen Trojaner |
| entferne, entfernen, escan, gefunde, gefährlich, helft, tr/dropper.gen, troja, trojane, trojaner, trojaner tr/dropper.gen |
Linear-Darstellung
