Log analysis and evaluation: Avira reports W32/Patched.UA, TR/ATRAPS.Gen2 and TR/Small.FI

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Avira reports W32/Patched.UA, TR/ATRAPS.Gen2 and TR/Small.FI

Hello dear helpers in need,

since Thursday of last week AVIRA has been reporting (as for so many others here on the board) the detections "W32/Patched.UA", "TR/ATRAPS.Gen2" and "TR/Small.FI" at short intervals. I am very glad that I found you and hope you can help me. To make that possible, I have followed the instructions slavishly and am now posting the results of my SCANS here:

AVIRA Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 18. Juni 2012 09:48 Es wird nach 3844536 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows (TM) Vista Home Premium Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : MEPHISTO Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 17:53:26 AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 17:53:25 LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 17:53:40 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 17:53:43 AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 18:39:42 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 08:24:16 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:20:19 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 09:28:26 VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 18:39:39 VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 18:39:39 VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 18:39:40 VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 18:39:40 VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 18:39:40 VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 18:39:40 VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 18:39:40 VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 18:39:40 VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 18:39:40 VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 17:56:08 VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 17:56:12 VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 17:56:19 VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 17:56:32 VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 17:56:39 VBASE019.VDF : 7.11.31.111 214528 
Bytes 30.05.2012 09:24:38 VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 09:24:38 VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 13:29:29 VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 07:49:22 VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 19:00:48 VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 19:45:46 VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 19:45:51 VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 11:45:43 VBASE027.VDF : 7.11.32.252 2048 Bytes 14.06.2012 11:45:43 VBASE028.VDF : 7.11.32.253 2048 Bytes 14.06.2012 11:45:43 VBASE029.VDF : 7.11.32.254 2048 Bytes 14.06.2012 11:45:43 VBASE030.VDF : 7.11.32.255 2048 Bytes 14.06.2012 11:45:44 VBASE031.VDF : 7.11.33.62 105472 Bytes 18.06.2012 07:45:39 Engineversion : 8.2.10.92 AEVDF.DLL : 8.1.2.8 106867 Bytes 03.06.2012 09:24:45 AESCRIPT.DLL : 8.1.4.26 450939 Bytes 15.06.2012 11:47:18 AESCN.DLL : 8.1.8.2 131444 Bytes 30.01.2012 10:20:48 AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 11:47:30 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06 AEPACK.DLL : 8.2.16.18 807287 Bytes 15.06.2012 11:47:09 AEOFFICE.DLL : 8.1.2.36 201082 Bytes 15.06.2012 11:46:55 AEHEUR.DLL : 8.1.4.46 4923767 Bytes 15.06.2012 11:46:53 AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 18:39:29 AEGEN.DLL : 8.1.5.30 422261 Bytes 15.06.2012 11:45:48 AEEXP.DLL : 8.1.0.52 82293 Bytes 15.06.2012 11:47:30 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01 AECORE.DLL : 8.1.25.10 201080 Bytes 03.06.2012 09:24:39 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01 AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 17:53:17 AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 17:53:25 AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 17:53:43 AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 17:53:21 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 17:53:24 SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 17:53:42 AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 17:53:28 NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 17:53:40 RCIMAGE.DLL : 12.3.0.15 4447952 
Bytes 08.05.2012 17:53:17 RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 17:53:18 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR, Beginn des Suchlaufs: Montag, 18. Juni 2012 09:48 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ADOBE SYSTEMS [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Agfa [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc. [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\C07ft5Y [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\CyberLink [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DownloadManager [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\EmbedExtnToClsidMappings [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. 
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RAS AutoDial [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nokia [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\RIS [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\S3R521 [HINWEIS] Der Registrierungseintrag ist nicht sichtbar. Versteckter Treiber [HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'openvpntray.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'GarminLifetime.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'WebcamDell.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVDDXSrv.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'DataSafeOnline.exe' - '110' Modul(e) wurden durchsucht Durchsuche Prozess 'ONENOTEM.EXE' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '144' Modul(e) wurden durchsucht Durchsuche Prozess 'KiesTrayAgent.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'DTLite.exe' - '36' 
Modul(e) wurden durchsucht Durchsuche Prozess 'conime.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'Toaster.exe' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'DSUpd.exe' - '65' Modul(e) wurden durchsucht Durchsuche Prozess 'STSERVICE.EXE' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'sftservice.EXE' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'mdm.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'hsswd.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'hsssrv.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'openvpnas.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.EXE' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'DockLogin.exe' - '22' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Windows\Sysnative\drivers\sptd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Die Registry wurde durchsucht ( '3736' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\DELL\j156m\factory\common_64_SM.7z
  [WARNUNG] Der Archivheader ist defekt
C:\DELL\j156m\factory\common_PF2.7z
  [WARNUNG] Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\assets.pk4
  [WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\shaders.pk4
  [WARNUNG] Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat
  [WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\avira_free_antivirus_de.exe
  [WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\HSS-2.07-install-resell3-306-conduit.exe
  [WARNUNG] Die Version dieses Archives wird nicht unterstützt
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
  [FUND] Ist das Trojanische Pferd TR/Small.FI
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
  [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
C:\Windows\System32\services.exe
  [FUND] Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
Beginne mit der Suche in 'D:\' <RECOVERY>

Beginne mit der Desinfektion:
C:\Windows\System32\services.exe
  [FUND] Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55055eca.qua erstellt ( QUARANTÄNE )
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
  [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dcc76d8.qua' verschoben!
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
  [FUND] Ist das Trojanische Pferd TR/Small.FI
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f932c30.qua' verschoben!

Ende des Suchlaufs: Montag, 18. Juni 2012 11:58
Benötigte Zeit: 2:08:02 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

49476 Verzeichnisse wurden überprüft
739565 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
739561 Dateien ohne Befall
7201 Archive wurden durchsucht
8 Warnungen
24 Hinweise
1110337 Objekte wurden beim Rootkitscan durchsucht
21 Versteckte Objekte wurden gefunden

Malwarebytes Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
* * * :: MEPHISTO [Administrator]

Schutz: Aktiviert

18.06.2012 12:05:49
mbam-log-2012-06-18 (15-46-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469317
Laufzeit: 3 Stunde(n), 18 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)

Code:
ATTFilter OTL logfile created on: 18.06.2012 15:56:04 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\* * *\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free 8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe PRC - [2012.06.14 12:52:26 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe PRC - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 19:53:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe PRC - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2011.11.08 12:11:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.11.11 18:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe PRC - [2008.05.23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) 
-- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.15 22:28:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\592a9a12b07b624764df2eca289116d1\System.Web.Services.ni.dll MOD - [2012.06.15 22:09:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 12:19:20 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.06.14 12:18:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.06.14 12:18:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.06.14 12:18:22 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.06.14 12:18:19 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.06.14 11:59:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.06.14 11:58:42 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll MOD - [2012.06.14 11:57:50 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll MOD - [2012.06.03 13:03:51 | 000,998,400 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.06.03 12:04:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.06.03 11:23:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.06.03 11:22:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll MOD - [2012.06.03 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll MOD - [2012.06.03 11:21:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll MOD - [2012.06.03 11:20:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.06.03 11:20:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.05.29 21:08:31 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.05.29 20:32:50 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.05.29 20:28:34 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.05.29 20:28:15 | 000,393,216 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll MOD - [2012.05.29 20:28:13 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.05.29 20:22:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.05.29 20:22:21 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll MOD - [2012.05.29 20:22:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.05.29 20:22:02 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.05.29 20:21:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe MOD - [2012.01.06 20:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll MOD - [2011.11.27 20:07:07 | 000,115,137 | ---- | M] () -- C:\Users\* * *\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll MOD - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell 
DataSafe Local Backup\zlib1.dll MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.04.09 23:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009.03.29 21:40:06 | 000,212,992 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.29 21:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.03.19 18:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV) SRV:64bit: - [2009.03.19 18:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2008.12.21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2008.11.26 23:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2012.06.14 12:52:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.06 20:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV:64bit: - 
[2012.05.08 19:53:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:53:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss) DRV:64bit: - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HssDrv.sys -- (HssDrv) DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.05.15 20:50:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.05.06 18:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid) DRV:64bit: - [2009.04.10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2009.04.10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus) DRV:64bit: - [2009.03.19 18:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd) DRV:64bit: - [2008.12.21 20:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY) DRV:64bit: - [2008.12.16 18:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX) DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2008.11.25 16:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2008.10.28 17:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2008.10.07 19:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2008.09.15 19:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2008.09.15 19:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2008.09.15 19:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2008.02.25 10:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R) DRV:64bit: - [2007.11.14 10:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr) DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) 
[Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.berlin.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {8A98EB80-7689-498B-B39E-4BE93D32F3AB} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox IE - HKCU\..\SearchScopes\{8A98EB80-7689-498B-B39E-4BE93D32F3AB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.0) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06AA57A-B93B-4C3C-8287-D83B1100F386}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = 
AutoRun O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = •Ë O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.18 15:55:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe [2012.06.15 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.15 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\* * *\AppData\Roaming\Malwarebytes [2012.06.15 19:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.15 19:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.15 19:35:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.15 19:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.13 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\* * *\Desktop\20120613dawanda [2012.06.11 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Beihilfe 
[2012.06.03 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Gebrauchsanweisungen Babysitter ========== Files - Modified Within 30 Days ========== [2012.06.18 15:58:17 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.18 15:58:17 | 000,632,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.18 15:58:17 | 000,599,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.18 15:58:17 | 000,127,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.18 15:58:17 | 000,105,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe [2012.06.18 15:51:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.06.18 15:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.18 15:50:42 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys [2012.06.18 15:49:27 | 000,000,188 | ---- | M] () -- C:\Users\* * *\defogger_reenable [2012.06.18 15:28:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.18 15:21:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 22:03:00 | 000,405,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.15 19:35:21 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 13:04:01 | 000,000,732 | ---- | M] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat [2012.06.13 11:55:33 | 000,144,896 | ---- | M] () -- C:\Users\* * 
*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.12 12:22:58 | 000,011,523 | ---- | M] () -- C:\Users\* * *\Desktop\100.jpg [2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ========== Files Created - No Company Name ========== [2012.06.18 15:49:27 | 000,000,188 | ---- | C] () -- C:\Users\* * *\defogger_reenable [2012.06.18 15:48:46 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@ [2012.06.18 11:58:39 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ [2012.06.18 11:58:38 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@ [2012.06.15 19:35:21 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 12:23:12 | 000,011,523 | ---- | C] () -- C:\Users\* * *\Desktop\100.jpg [2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@ [2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Users\* * *\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@ [2011.12.13 17:53:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.12.13 17:53:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.12.13 17:53:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.12.13 17:53:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.12.13 17:53:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.12.13 17:53:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.12.13 17:53:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.12.13 17:53:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.12.13 17:53:02 | 000,011,811 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICPattern4.dat [2011.12.13 17:53:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.12.13 17:53:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.12.13 17:53:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.12.13 17:53:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.12.13 17:53:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.12.13 17:53:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.12.13 17:51:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini [2011.12.08 17:55:07 | 000,000,732 | ---- | C] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat [2011.11.13 10:43:16 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011.11.13 10:43:16 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011.11.13 10:43:15 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe [2011.11.13 10:43:15 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.11.13 10:43:12 | 000,693,765 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.exe [2011.11.13 10:43:12 | 000,007,900 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.dat [2011.11.02 19:48:53 | 000,000,000 | ---- | C] () -- C:\Users\* * *\AppData\Local\{29BC51ED-79B0-47D1-B13C-F2FA9DD19CFE} [2011.05.29 10:53:14 | 000,038,443 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- 
C:\Windows\MusiccityDownload.exe [2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== LOP Check ========== [2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\concept design [2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\DAEMON Tools Lite [2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\EPSON [2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\FileZilla [2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\GARMIN [2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\MyPhoneExplorer [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia [2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia Ovi Suite [2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PC Suite [2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PCDr [2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Samsung [2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Template [2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Thunderbird [2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012.06.18 15:49:57 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 18.06.2012 15:56:04 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\* * *\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free
8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS

Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 95 78 CE FD CF D6 CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = 
Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile 
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) "CCleaner" = CCleaner "Creative OA008" = Integrated Webcam Driver (1.04.01.0601) "Dell Support Center" = Dell Support Center "EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1 "SynTPDeinstKey" = Dell Touchpad [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault "{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian 
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish "{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian "{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29 "{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese "{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{50193078-F553-4EBA-AA77-64C9FAA12F98}" 
= Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish "{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese "{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime 
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AA59DDE4-B672-4621-A016-4C248204957A}" = 
Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common "{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish "{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy "{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard "{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins "{FF6E1E83-CD7F-49E9-AE8C-D9804372D1FC}_is1" = CD goes MP3 7 Platinum "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "Company of Heroes" = Company of Heroes - Opposing Fronts "Dell Video Chat" = Dell Video Chat "Dell Webcam Central" = Dell Webcam Central "DivX Content Uploader" = DivX Content Uploader "ENTERPRISER" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch "ESET Online Scanner" = ESET Online Scanner v3 
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HotspotShield" = Hotspot Shield 2.24 "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mobile Partner" = Mobile Partner "MPE" = MyPhoneExplorer "Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9 "VLC media player" = VLC media player 1.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.01.2012 08:15:02 | Computer Name = mephisto | Source = Windows Search Service | ID = 3013 Description = Error - 09.01.2012 17:56:38 | Computer Name = mephisto | Source = EventSystem | ID = 4621 Description = Error - 13.01.2012 16:21:14 | Computer Name = mephisto | Source = WinMgmt | ID = 10 Description = Error - 13.01.2012 16:32:02 | Computer Name = mephisto | Source = Perflib | ID = 1010 Description = Error - 13.01.2012 16:32:04 | Computer Name = mephisto | Source = Perflib | ID = 1008 Description = Error - 13.01.2012 19:45:34 | Computer Name = mephisto | Source = EventSystem | ID = 4621 Description = Error - 15.01.2012 09:47:57 | Computer Name = mephisto | Source = WinMgmt | ID = 10 Description = Error - 15.01.2012 15:13:39 | Computer Name = mephisto | Source = 
WinMgmt | ID = 10 Description = Error - 15.01.2012 15:22:05 | Computer Name = mephisto | Source = Perflib | ID = 1010 Description = Error - 15.01.2012 15:22:06 | Computer Name = mephisto | Source = Perflib | ID = 1008 Description = [ Broadcom Wireless LAN Events ] Error - 26.04.2012 06:17:07 | Computer Name = mephisto | Source = WLAN-Tray | ID = 0 Description = 12:17:06, Thu, Apr 26, 12 Error - Unable to gain access to user store [ Dell Events ] Error - 21.01.2012 07:41:46 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. 
Error - 02.04.2012 14:16:38 | Computer Name = mephisto | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ Media Center Events ] Error - 09.09.2010 07:13:18 | Computer Name = mephisto | Source = MCUpdate | ID = 0 Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'. [ System Events ] Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023 Description = Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003 Description = Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003 Description = Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023 Description = Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003 Description = Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003 Description = Error - 18.06.2012 05:21:01 | Computer Name = mephisto | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. 
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023 Description = Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003 Description = Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003 Description = < End of report >

Thank you very much for your efforts, Ilka

Last edited by kjkjjj1108 (18.06.2012 at 16:20) |