| mschwinge | 05.01.2013 11:50 |
Code:
Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.04.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mschwinge :: PISCA-PC [Administrator]
Schutz: Aktiviert
04.01.2013 14:55:35
MBAM-log-2013-01-04 (17-59-32).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 457763
Laufzeit: 37 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\***\Downloads\SoftonicDownloader_fuer_windows-movie-maker.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
(Ende)
Habe dann den OTL laufen lassen. Hier die Logfiles: Code:
OTL Extras logfile created on: 04.01.2013 18:28:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mschwinge\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 5,48 Gb Available Physical Memory | 69,55% Memory free
15,77 Gb Paging File | 13,06 Gb Available in Paging File | 82,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,57 Gb Total Space | 246,27 Gb Free Space | 54,78% Space Free | Partition Type: NTFS
Computer Name: PISCA-PC | User Name: mschwinge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1101953409-3167207821-1347791035-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A37F74-9FEA-4A1D-B5CE-A9AC7AAF7395}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0668FD2B-3997-44EF-BE9E-BF1CA2ED7692}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1069F150-812A-4614-9AD8-6BCB5386562A}" = rport=138 | protocol=17 | dir=out | app=system |
"{1A7C7CCE-1BC4-45B4-9F2C-6E8E8ABF11B0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{26410282-FB33-47FA-B52E-57CAD5C08128}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34438D10-061C-4EC0-A971-D3DC07299E4A}" = lport=137 | protocol=17 | dir=in | app=system |
"{360A04EB-BCFF-45CA-9101-A43FAFF8DF7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{36F5A72C-5769-42B6-BC1F-78ED7AAA4AB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{476CC950-3379-4B8F-A56A-C0A3BF8E27F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D8330FD-1694-435E-93BF-7469D3324461}" = lport=445 | protocol=6 | dir=in | app=system |
"{66058A0A-E703-444F-B34A-392353523D4E}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
"{6724A824-111D-43C7-A88C-215EC9CFA702}" = lport=139 | protocol=6 | dir=in | app=system |
"{67F3083D-5DFF-47BA-8661-F748FAA49CB5}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast |
"{7AB568D3-D593-4101-8A6B-1DABEDB59CC7}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update |
"{8321BB2E-1310-4A04-B492-75D49709EFB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{89D4FB6F-F44F-49C2-BBEC-627C294CE5F0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A4A4AC7C-85D9-4102-BCC7-DE5E3F70A3B6}" = rport=139 | protocol=6 | dir=out | app=system |
"{A9FE88BE-024F-4FE0-8A65-37107810AE0A}" = rport=137 | protocol=17 | dir=out | app=system |
"{AFB54A70-46B1-47BF-BECB-EED78A513CCA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF9CA211-179B-4033-BC7C-8A856BA26EE3}" = rport=445 | protocol=6 | dir=out | app=system |
"{D5B87891-13BF-4C7E-AF5C-C6FBA95CDEC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA08F1D4-0863-43A7-8FB5-45A40DD3E465}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E16D943E-CF88-4245-932E-117EBF02B8F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E187D43A-B73D-4919-9195-7624669C38C0}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
"{E4B7789B-C71E-44F6-A9AB-81056E91083F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E5C731E1-663D-4139-BECE-6F013AB5EB64}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECF4F802-EBBB-4FB5-B181-07B8D6569885}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8207FBF-3EAE-416A-A304-BF403BE2B34E}" = lport=138 | protocol=17 | dir=in | app=system |
"{FDCF223A-B819-4C6E-B32B-46E2844CBE34}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03866D6F-394C-4696-8D3A-D486C1975C85}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{09736E94-F3B2-4382-8AD7-C5797A3D2BBF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0B2295E8-B4CB-4CAD-A1A7-4F0E623EF460}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{0EC855C5-F54A-4F69-982E-3E9CF2414AE4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{0EDF29B8-944A-4DA5-B4B6-BB36E5845868}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{115952A9-1E54-4318-838E-7585DF5198FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1E39ADF4-102A-46B2-ADEB-DA462B88D875}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2E1C5038-D492-47A9-9E42-ED49E63E3043}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{370B3E29-E94D-4748-BF5F-69C661E1EFD6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{378D6EC7-DD03-4A51-A7EB-773B517427C7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3A26F94D-AD7D-46C1-AF19-5997371FA40E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{3DD63D0A-4CA2-4B33-B383-CB8AFE54DF07}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{3F749FD7-2A85-4A9F-8FE5-E46719A2F1AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{409C6B3F-EC0D-4E48-ACE7-338DCEEB62FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{58F31806-5B55-4F7E-843D-DF97B9551CF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BB690EB-BF76-49FE-9F55-A03A8EEE0850}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EEBDE55-B89E-4EB3-BE06-7ECC7EA3F2A2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{60BB6BE8-5694-47D2-9D34-BCC186E64179}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{614BAFB0-3D18-4BE2-8CB4-B8E7F5A5E410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63E6BF19-08AA-4876-B370-A79D9820BCC3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{66AC69B4-AA46-4DFD-A23B-E6256F414E64}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{7032EB2D-B15E-405E-90B7-CAEDD6434F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe |
"{7AC43C46-1E73-4CE8-A898-D3DC41716E54}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{58d79e62-cfc8-4331-8469-3a1b16e1769c}\setup\hpznui40.exe |
"{7F6DFD54-202B-4AA2-A3D5-112E827846B3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{845CA115-DDDF-459C-B2EC-0615F0072826}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{856A3CFB-E603-490B-8DD4-EB8109F9FA7E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{8AD37635-631F-4284-AB64-61080E3FDA56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8CA5EBA9-9038-4E50-85DB-2B9E708F5F6F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E34B4BE-CB4A-4B81-A753-3FFAB8CB30C0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{92EE401E-F0C2-4F52-ACED-35E226ABCEF4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9C179DA3-C175-4020-B677-ABB2789EDC46}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9F19C92C-A893-4BED-A13B-B58FD720E726}" = protocol=6 | dir=out | app=system |
"{A06565E0-2219-47AE-89C0-E766A14299BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A10920AB-FF9B-4150-A9AD-F6A56C229A7B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{A8F73EC6-E12E-452E-8AA3-F5BEEBCA4111}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{ACC392A2-F6BD-4A35-9E3F-D4293BE2261B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{AE5203E1-DE7A-432E-8567-DFF3A9E3C50E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B591375F-B606-4761-9BCD-9D088922AB58}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe |
"{CACFEF73-6572-4604-96B6-094832A8986E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{CC91EAB0-6ED6-420A-82C2-CED63EDAA5C2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CE182909-73CC-4FB4-9F55-869B5BD3E632}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEC337CA-F484-4340-BF47-0049D8469FAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9252453-C238-4F00-9ED9-66BAB7C442A1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{DD3CC40C-5EFA-47C0-AEDD-716E66B7A431}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DD82C6C0-ACF9-437A-B50B-4EB7BF0924A0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{DFC6C0E7-8B31-4D9E-8D35-901F75E81B01}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe |
"{E2B41117-0A5E-4593-867F-FACD3194C0B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7EB3477-DDA0-4D6E-9095-9ED33BA11279}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8A2BA89-AECA-458A-A5E5-AC4A8F25248B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EB84B86A-D6D6-4A67-BB11-9D45AE040E01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F6442149-6CA9-47A0-BF5A-3DFD9E5A3F14}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{F6B7D2D7-5A66-428A-9A82-AE44C26B865D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FF5F7B8B-7C90-4F92-B857-694F5591D14D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{D9D6A354-2544-444F-BF8F-4A6EC2AC85E9}C:\users\mschwinge\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mschwinge\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F597B0C1-54AD-4C55-B1CB-9F967436CD3B}C:\users\mschwinge\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mschwinge\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{2999D65D-0EA8-418B-BE05-44802A2674F3}C:\users\mschwinge\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mschwinge\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{78EA907B-3CDB-4D37-8883-D6A18AE1C941}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{30C2392C-C7D6-4FE2-9617-05D2C6E9D3EE}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{5F5CBF39-BD29-43C8-B63A-B9758F0FD090}" = EMBASSY Client Core
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.45.00
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E9A97832-83B6-42B6-BAC6-492E344C2561}" = NTRU TCG Software Stack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-Treiberpaket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 16.8.45.00
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0F3A02CF-09B1-4B49-BE02-A70790F18B56}" = StarMoney
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1633AF4C-47DC-4922-8539-7CA48592ABBF}" = Bloson
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E3BFCD8-78E1-4F4C-97E8-02B484CE79AA}" = GLS eBank Software
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{387B63A5-5016-1015-B06B-A9A1030E3125}" = Intel(R) Identity Protection Technology 1.2.22.0
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43E261F0-8671-42A7-9CAC-7F7F85B7DA83}" = gSyncit
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66D6C49D-B4F4-423A-85EA-3AF843115A91}" = StarMoney
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{703BB500-F54C-4F33-9D3C-D7A28CEAFBCF}" = toolkit32for64bit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C0600A3-E772-4FC8-A67D-ED110E69665C}" = Wave Crypto Runtime 2.0.7.0 x86
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a
"{C8B857A8-8C7D-4CEA-86A0-D830FABFBA85}" = StarMoney 8.0
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Foxit Reader" = Foxit Reader
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PVProfit" = PVProfit
"Rechnungsdruckerei 2013_is1" = DATA BECKER Rechnungsdruckerei 2013
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1101953409-3167207821-1347791035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.4.3_b15" = ActiveTrader 5.4.3_b15
"Dropbox" = Dropbox
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
< End of report >
Code:
OTL logfile created on: 05.01.2013 10:52:13 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mschwinge\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,88 Gb Total Physical Memory | 6,48 Gb Available Physical Memory | 82,20% Memory free
15,77 Gb Paging File | 13,20 Gb Available in Paging File | 83,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,57 Gb Total Space | 246,24 Gb Free Space | 54,77% Space Free | Partition Type: NTFS
Computer Name: PISCA-PC | User Name: mschwinge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.01.05 10:51:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mschwinge\Downloads\OTL (1).exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\mschwinge\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.27 23:05:46 | 000,167,256 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
PRC - [2012.12.21 12:41:31 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.28 16:37:22 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.11.28 16:37:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.11.28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.11.28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.11.12 03:45:18 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.11.12 03:45:14 | 000,968,120 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.11.01 05:16:42 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.03 11:53:52 | 000,275,832 | ---- | M] (DATA BECKER) -- C:\Program Files (x86)\DATA BECKER\Rechnungsdruckerei 2013\dbrd2013tray.exe
PRC - [2012.06.28 17:31:14 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
PRC - [2012.04.17 22:06:42 | 002,594,584 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.04.17 22:06:40 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.19 20:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2011.09.28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.11.17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2007.09.11 14:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
PRC - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
========== Modules (No Company Name) ==========
MOD - [2012.12.27 23:05:42 | 001,939,456 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll
MOD - [2012.11.17 09:14:31 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012.11.17 09:14:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\59d00fa60a9e559f8717404a5032e6ba\System.Runtime.Remoting.ni.dll
MOD - [2012.11.17 09:14:00 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012.11.17 09:12:04 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\df85a94db4f59fa483bce708f4a54643\IAStorUtil.ni.dll
MOD - [2012.11.17 09:12:04 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3343dd79a8a8fc1befde1635a3532e0c\IAStorCommon.ni.dll
MOD - [2012.11.17 09:11:55 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012.11.17 09:10:20 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\409c27bc1e434bf90f0df3d7096613bd\System.Design.ni.dll
MOD - [2012.11.17 09:10:16 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.17 09:10:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.17 09:10:11 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll
MOD - [2012.11.17 09:10:11 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012.11.17 09:10:10 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012.11.17 09:09:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.17 09:09:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.17 09:09:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.17 09:09:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.17 09:09:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.17 09:09:37 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.17 09:09:34 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.11.17 00:13:09 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012.11.17 00:13:01 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012.11.17 00:12:56 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012.11.17 00:10:33 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012.11.17 00:10:32 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012.11.17 00:10:29 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012.11.17 00:10:28 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012.11.17 00:10:25 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012.09.27 22:00:37 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2012.09.25 01:20:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
MOD - [2011.08.03 21:50:42 | 000,837,632 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\System.Data.SQLite.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.11.24 22:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.21 07:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
========== Services (SafeList) ==========
SRV:64bit: - [2011.11.09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.21 12:41:31 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012.12.20 15:40:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.28 17:31:14 | 000,692,432 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2012.04.17 22:06:42 | 002,594,584 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.04.17 22:06:40 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.19 20:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2012.01.17 07:45:16 | 000,218,504 | ---- | M] () [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe -- (EmbassyService)
SRV - [2012.01.16 15:29:58 | 000,198,144 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe -- (WvPCR)
SRV - [2012.01.05 15:02:14 | 001,679,872 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe -- (Wave Authentication Manager Service)
SRV - [2011.12.08 10:45:42 | 004,146,032 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2011.11.11 14:42:14 | 002,167,176 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2011.10.08 22:48:08 | 001,637,888 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2011.09.28 16:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010.11.25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.07.06 14:16:50 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.08 15:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2007.09.04 09:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.12.21 12:51:10 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.12.21 12:51:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.21 12:51:10 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.12.21 12:51:10 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.25 01:20:48 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2012.09.25 01:20:45 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2012.09.25 01:20:41 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2012.09.25 01:20:41 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2012.09.25 01:20:31 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.09.25 01:20:27 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.09.25 01:20:27 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.09.24 17:44:32 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2011.11.30 23:09:34 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.09.22 20:49:56 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.06.10 20:16:08 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.29 09:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 19:07:48 | 000,338,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2010.11.08 19:06:58 | 000,196,688 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2010.11.08 19:05:20 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.11.06 03:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.10.04 19:39:18 | 001,980,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTDVHD64.sys -- (IntcAzAudAddService)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.10.20 16:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.21 13:30:58 | 000,583,168 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530.sys -- (SPC530)
DRV:64bit: - [2008.05.21 13:30:58 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC530m.sys -- (SPC530m)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{64ED64CF-B308-43F7-AFE9-C433BCEEB105}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{64ED64CF-B308-43F7-AFE9-C433BCEEB105}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ww.google.de/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{D818EB59-2911-4984-A1B7-06D5A66A3ADF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=a3f30611-9e23-42f8-9e1d-602a1500dc61&apn_sauid=C65F9576-CC91-487B-85DE-D2159ACF2FD0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\mschwinge\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\FirefoxExtension [2012.10.14 18:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.18 11:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 12:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 12:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 12:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.20 12:04:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.10.18 11:44:17 | 000,000,000 | ---D | M]
[2012.12.20 12:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mschwinge\AppData\Roaming\mozilla\Extensions
[2012.12.20 12:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Chrome extensions file IO (Enabled) = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jimlgadlmmpnoagdcbciogmhpoeejhon\1.0.16_0\npapi-file-io-32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\mschwinge\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Bloson = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jimlgadlmmpnoagdcbciogmhpoeejhon\1.0.16_0\
CHR - Extension: Google Mail = C:\Users\mschwinge\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {58307a99-7813-45f1-ac6c-06ff1617a20d} - No CLSID value found.
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtDCpl64.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [TdmNotify] C:\Programme\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OfficeScanNT Monitor] "c:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow File not found
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [BlosonAddonUpdater] C:\Users\mschwinge\AppData\Roaming\Bloson\BlosonAddonUpdater.exe (VSH Solutions)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [RD2013Tray] C:\Program Files (x86)\DATA BECKER\Rechnungsdruckerei 2013\dbrd2013tray.exe (DATA BECKER)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\mschwinge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\mschwinge\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BE71198-4105-4613-88B8-4758E82E0A55}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1056\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Authentication Packages - (wvauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.04 18:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.04 18:17:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.01.04 18:17:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013.01.04 14:30:29 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Roaming\Malwarebytes
[2013.01.04 14:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.04 14:30:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.04 14:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.04 14:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.04 14:30:13 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Local\Programs
[2012.12.21 12:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012.12.21 12:38:26 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012.12.21 12:38:07 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012.12.21 12:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.12.21 12:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.12.21 12:38:00 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.12.21 12:38:00 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012.12.21 12:34:48 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Roaming\Wave Systems Corp
[2012.12.20 15:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.20 15:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.12.20 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Local\Macromedia
[2012.12.20 12:04:18 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Local\Mozilla
[2012.12.20 12:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.20 12:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.20 11:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.12.20 11:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.12.20 11:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.12.20 11:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.12.20 11:46:26 | 000,000,000 | ---D | C] -- C:\b5ff9dd00027de93f71a7191e6bc
[2012.12.20 11:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bloson
[2012.12.20 11:46:16 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Roaming\Bloson
[2012.12.18 21:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2012.12.17 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Roaming\TuneUp Software
[2012.12.17 22:38:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.17 22:38:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.17 22:38:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.17 22:38:47 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\AppData\Roaming\PhotoScape
[2012.12.14 21:54:40 | 000,000,000 | ---D | C] -- C:\Users\mschwinge\Desktop\leo
[2012.12.08 18:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[1 C:\Users\mschwinge\*.tmp files -> C:\Users\mschwinge\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.05 10:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.05 10:27:32 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.05 10:27:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.04 19:02:46 | 001,763,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 19:02:46 | 000,746,446 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.04 19:02:46 | 000,699,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.04 19:02:46 | 000,163,954 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.04 19:02:46 | 000,136,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.04 18:53:48 | 000,000,982 | ---- | M] () -- C:\Users\mschwinge\Desktop\7-Zip File Manager.lnk
[2013.01.04 18:28:07 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 18:28:07 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 18:21:07 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.04 18:20:49 | 2053,935,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.04 14:30:25 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.03 16:58:09 | 000,001,057 | ---- | M] () -- C:\Users\mschwinge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.03 16:58:04 | 000,001,033 | ---- | M] () -- C:\Users\mschwinge\Desktop\Dropbox.lnk
[2012.12.25 19:09:39 | 001,731,768 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.22 03:17:18 | 000,398,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.21 12:55:00 | 000,002,471 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
[2012.12.21 12:55:00 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!DSL Startcenter.lnk
[2012.12.21 12:51:10 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.12.21 12:51:10 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2012.12.21 12:51:10 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2012.12.21 12:51:10 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2012.12.21 12:38:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.12.20 15:52:59 | 000,002,287 | ---- | M] () -- C:\Users\mschwinge\Desktop\Google Chrome.lnk
[2012.12.20 15:29:55 | 000,001,208 | ---- | M] () -- C:\Users\mschwinge\Desktop\HPDB23B1 (HP Officejet 6500 E709a) - Verknüpfung.lnk
[2012.12.20 12:04:16 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Users\mschwinge\*.tmp files -> C:\Users\mschwinge\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.04 18:53:48 | 000,000,982 | ---- | C] () -- C:\Users\mschwinge\Desktop\7-Zip File Manager.lnk
[2013.01.04 14:30:25 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.21 12:38:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.12.20 15:52:59 | 000,002,287 | ---- | C] () -- C:\Users\mschwinge\Desktop\Google Chrome.lnk
[2012.12.20 15:52:27 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.20 15:52:27 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.20 15:29:55 | 000,001,208 | ---- | C] () -- C:\Users\mschwinge\Desktop\HPDB23B1 (HP Officejet 6500 E709a) - Verknüpfung.lnk
[2012.12.20 12:04:16 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.20 12:04:16 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.18 16:35:40 | 000,000,016 | -H-- | C] () -- C:\Users\mschwinge\SyncToy_8c15342c-44e9-4488-a653-b452522d91cf.dat
[2012.10.18 11:41:57 | 000,262,583 | ---- | C] () -- C:\Windows\hpwins23.dat
[2012.10.18 11:41:57 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2012.10.15 17:37:41 | 000,262,488 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012.10.14 18:27:36 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.10.14 18:27:36 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.10.14 18:01:34 | 000,000,394 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.10.05 10:32:53 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.09.25 01:11:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.09.25 01:11:28 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.09.25 01:11:27 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.09.25 01:11:26 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.09.25 01:11:25 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.09.24 17:44:40 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
[2012.09.23 18:39:55 | 000,110,864 | ---- | C] () -- C:\Users\mschwinge\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2012.09.23 18:09:07 | 001,756,717 | -H-- | C] () -- C:\Users\mschwinge\AppData\Local\IconCache (1).db
[2012.09.17 14:45:53 | 000,060,304 | ---- | C] () -- C:\Users\mschwinge\g2mdlhlpx.exe
[2011.11.14 10:29:30 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-HK.dll
[2011.11.14 10:29:28 | 000,088,064 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_th.dll
[2011.11.14 10:29:26 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sl.dll
[2011.11.14 10:29:24 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hr.dll
[2011.11.14 10:29:24 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sk.dll
[2011.11.14 10:29:20 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_tr.dll
[2011.11.14 10:29:18 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ro.dll
[2011.11.14 10:29:16 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt-BR.dll
[2011.11.14 10:29:14 | 000,092,160 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_hu.dll
[2011.11.14 10:29:12 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fi.dll
[2011.11.14 10:29:12 | 000,084,992 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_he.dll
[2011.11.14 10:29:10 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_el.dll
[2011.11.14 10:29:08 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_cs.dll
[2011.11.14 10:29:08 | 000,087,040 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ar.dll
[2011.11.14 10:29:06 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHT.dll
[2011.11.14 10:29:04 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_zh-CHS.dll
[2011.11.14 10:29:02 | 000,091,648 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_sv.dll
[2011.11.14 10:29:00 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ru.dll
[2011.11.14 10:28:58 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pt.dll
[2011.11.14 10:28:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_pl.dll
[2011.11.14 10:28:56 | 000,089,600 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_no.dll
[2011.11.14 10:28:54 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_nl.dll
[2011.11.14 10:28:54 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ko.dll
[2011.11.14 10:28:52 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_ja.dll
[2011.11.14 10:28:50 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_it.dll
[2011.11.14 10:28:48 | 000,095,232 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_fr.dll
[2011.11.14 10:28:46 | 000,094,720 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_es.dll
[2011.11.14 10:28:44 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_de.dll
[2011.11.14 10:28:42 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\Internationalization_da.dll
[2011.09.01 21:05:39 | 000,000,016 | -H-- | C] () -- C:\Users\mschwinge\SyncToy_1f4624b2-d72b-4dd8-ac51-39303bc676bd.dat
[2011.08.10 09:20:48 | 005,767,168 | -HS- | C] () -- C:\Users\mschwinge\ntuser (1).dat
[2011.04.21 18:56:28 | 001,008,640 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
[2011.02.11 18:45:27 | 001,763,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.09.25 01:20:31 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.09.25 01:20:31 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.12.20 11:46:23 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\Bloson
[2012.10.04 21:39:32 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\DATA BECKER Shared
[2013.01.04 18:21:10 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\Dropbox
[2012.10.18 11:04:17 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\Foxit Software
[2012.10.27 11:18:23 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\FreePDF
[2012.10.04 21:39:45 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\FRITZ!
[2013.01.04 19:03:34 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\gSyncit
[2012.10.04 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\ICQ
[2012.10.04 21:39:46 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\Leadertech
[2012.12.17 22:46:49 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\PhotoScape
[2012.10.14 18:41:28 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\ProtectDisc
[2012.11.03 11:43:49 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\PVProfit
[2012.10.04 21:51:10 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\Samsung
[2012.10.14 19:22:38 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\Solarschmiede
[2012.12.17 22:39:04 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\TuneUp Software
[2012.12.21 12:34:48 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\Wave Systems Corp
[2012.10.04 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\mschwinge\AppData\Roaming\WinBatch
========== Purity Check ==========
< End of report >
Vielen Dank für die Hilfe
Markus |
