| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus/Trojaner noch am Pc?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.01.2013, 12:06
| #1 |
 |  Virus/Trojaner noch am Pc? Virus/Trojaner? Liebe Alle, Ich habe gestern ausnahmsweise ein Download-Programm heruntergeladen namens wxdownload. Anschließend meldete Avira einen verdächtigen Fund und fand 4 schädliche Dateien, die ich in Quarantäne gesteckt und anschließend gelöscht habe. (Eines davon war ind er ZWischenzeit schon von Malwarebytes gefunden worden und ich hatte es gelöscht). Dann fiel mir beim Durchsehen der Programme unter Systemsteuerung auf, dass OptimizerPro auf meinem Pc war, das ich daraufhin deinstalliert habe. Außderm fielen mir Zinio Reader 4 und Rocio Creator Starter auf, die anscheinend manchmal bei Dell mitinstalliert sind, mir aber vorher unbekannt waren. Habe sie sicherheitshalber auch gelöscht. Nun möchte ich sicher gehen, dass mein Pc wieder schädlingsfrei ist. Bin leider in dieser Richtung selbst unbegabt und deswegen hier. Vielen lieben Dank im Vorhinein schon für eure Hilfe. Ich habe Malwarebytes und Avira beide nochmalscannen lassen, da wurde nichts mehr gefunden Werde nun die Hilfe-leistungs-Anleitung ab Punkt 2 durchgehen und mich wieder melden. hier das Ergebnis von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.01.2013 12:08:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laura\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,89 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,69% Memory free 7,78 Gb Paging File | 4,73 Gb Available in Paging File | 60,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 309,26 Gb Free Space | 69,32% Space Free | Partition Type: NTFS Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.27 11:55:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Downloads\OTL.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.10 22:11:13 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.21 13:48:28 | 003,110,808 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe PRC - [2012.08.20 20:30:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.11 18:31:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 18:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.31 23:04:38 | 000,150,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.10.18 17:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.10.18 17:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.10.18 17:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.10.18 17:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.09.22 16:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.09.22 16:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.09.21 16:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.12 05:36:46 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe PRC - [2011.06.29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe PRC - [2011.06.28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ========== Modules (No Company Name) ========== MOD - [2013.01.10 22:11:12 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.01.10 09:32:58 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4f91a66a3f10565b979b758f6f08e8cc\WindowsFormsIntegration.ni.dll MOD - [2013.01.10 09:32:54 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\07ea9ea39e1fddc8e4fe8850c849309e\System.WorkflowServices.ni.dll MOD - [2013.01.10 09:32:19 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll MOD - [2013.01.10 09:32:14 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll MOD - [2013.01.10 09:32:08 | 009,922,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\302009432d51f2682c384a8dd5a8cda6\System.Data.Entity.ni.dll MOD - [2013.01.10 09:30:52 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.10 09:28:57 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.01.10 09:24:20 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll MOD - [2013.01.10 09:24:04 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll MOD - [2013.01.10 09:24:02 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll MOD - [2013.01.10 09:24:00 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll MOD - [2013.01.10 09:23:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 09:23:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll MOD - [2013.01.10 09:23:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:23:26 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013.01.10 09:23:25 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013.01.10 09:23:24 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013.01.10 09:23:20 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\abf5f0f6b5d995fb86b0529ac85e14ed\System.DirectoryServices.ni.dll MOD - [2013.01.10 09:23:19 | 001,044,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\dac9bb4d4745a4227e7ed701498a9469\System.Printing.ni.dll MOD - [2013.01.10 09:23:18 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\284f81850cf194b71156025b06e74e06\ReachFramework.ni.dll MOD - [2013.01.10 09:23:16 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\679ef75106538d0be017771ec0ceec94\PresentationUI.ni.dll MOD - [2013.01.10 09:23:13 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5f3769db958cc666dc98cb7748a84ac9\PresentationFramework.ni.dll MOD - [2013.01.10 09:23:00 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\2f32b665b25e874e0222f7be18b0161f\PresentationCFFRasterizer.ni.dll MOD - [2013.01.10 09:22:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.10 09:22:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 09:22:51 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\43f1725719239288707661115956470e\System.Deployment.ni.dll MOD - [2013.01.10 09:22:50 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll MOD - [2013.01.10 09:22:49 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll MOD - [2013.01.10 09:22:49 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.10 09:22:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\45e239d35a2c14b841dd4ef2c186ff2f\PresentationCore.ni.dll MOD - [2013.01.10 09:22:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 09:22:35 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll MOD - [2013.01.10 09:22:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 09:22:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 09:22:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 09:22:22 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\9d2a9fc04e660079633eb74b37a1d77c\Microsoft.VisualC.ni.dll MOD - [2013.01.10 09:22:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.03.30 11:15:57 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.12.31 23:04:40 | 000,891,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll MOD - [2011.12.31 23:04:28 | 000,251,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll MOD - [2011.09.22 16:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.06.29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe MOD - [2011.06.28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe MOD - [2011.06.28 01:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll MOD - [2011.06.25 05:32:36 | 000,323,136 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll MOD - [2011.06.25 05:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll MOD - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2010.11.21 07:49:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2010.11.21 07:49:35 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll MOD - [2010.11.21 07:49:35 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010.11.21 07:49:35 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2010.11.21 07:49:27 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010.11.21 07:49:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.03.22 21:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll MOD - [2010.03.17 02:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll MOD - [2010.03.17 02:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll MOD - [2010.03.17 02:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll MOD - [2010.03.12 01:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll MOD - [2010.03.12 01:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll MOD - [2010.03.05 21:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll MOD - [2010.03.05 21:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.12.26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.12.26 09:47:40 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.11.16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.11.01 19:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011.11.01 19:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.11.01 19:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2011.10.21 00:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011.10.19 20:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.08.12 05:36:46 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) [On_Demand | Running] -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe -- (CxUtilSvc) SRV:64bit: - [2011.05.12 14:06:38 | 000,200,320 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2011.03.08 23:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk) SRV:64bit: - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.01.25 20:35:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.10 22:11:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.11 18:31:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 18:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.10.18 17:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.10.18 17:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.10.18 17:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011.09.22 16:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.08.26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012.12.26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.12.26 09:51:24 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.12.26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.12.26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.12.26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.12.26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.11 18:31:18 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 18:31:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.03.30 11:16:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.03.30 11:16:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.09 18:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.12.02 02:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.11.15 00:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.10.19 20:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.10.19 20:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.14 01:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.09.14 01:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.08.29 22:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.06.24 04:19:44 | 001,446,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.10 20:04:38 | 001,591,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.05.17 15:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.05.17 15:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.04.15 20:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.23 19:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.01.20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.09 05:29:58 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MCfilt64.sys -- (MCfilt) DRV:64bit: - [2010.12.02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D3206E21-8825-4BFA-9809-D55DFC854C8A} IE:64bit: - HKLM\..\SearchScopes\{D3206E21-8825-4BFA-9809-D55DFC854C8A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D3206E21-8825-4BFA-9809-D55DFC854C8A} IE - HKLM\..\SearchScopes\{D3206E21-8825-4BFA-9809-D55DFC854C8A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Offizielle Seite | Dell Österreich IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Forestle IE - HKCU\..\SearchScopes,DefaultScope = {D3206E21-8825-4BFA-9809-D55DFC854C8A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://hotmail.com" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5 FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.01.25 10:14:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:59:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.10.27 01:30:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:59:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.04 13:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions [2013.01.26 19:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions [2012.11.15 08:32:19 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.01.08 22:24:13 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\isreaditlater@ideashower.com.xpi [2012.12.11 22:19:39 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.24 11:41:32 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.26 19:04:37 | 000,002,422 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\searchplugins\babylon1.xml [2012.06.28 21:11:45 | 000,002,314 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\searchplugins\forestle-at.xml [2013.01.19 11:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.10 22:11:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 09:00:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120712231236.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120712231236.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADF71D4B-19A0-41C8-A008-34204C9A9987}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B617CBFF-DF22-42A9-BB84-7FC9336FD922}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.26 23:18:23 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Roxio Log Files [2013.01.26 22:13:53 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{B39FED21-FD79-4C9D-A800-D5AA2B9D2669} [2013.01.26 21:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.01.26 19:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT [2013.01.26 19:04:10 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Babylon [2013.01.26 19:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.26 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.01.26 18:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2013.01.26 18:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2013.01.26 18:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip [2013.01.26 10:13:14 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{73734DF7-B301-4E10-A699-4474D2A5FB2C} [2013.01.25 10:12:11 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{8AE071B9-2D40-4823-9416-9969378E2A7D} [2013.01.24 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{8DE4490F-FB4D-431E-9EC4-76D604605C14} [2013.01.23 20:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.23 20:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.23 20:26:50 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{8C2AF5BD-5577-4BBD-85B7-3427D9F6E0A3} [2013.01.22 20:37:41 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\tdj [2013.01.22 20:37:35 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\wohnung [2013.01.22 20:28:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{B20D8A44-85BA-429B-A051-059C099EA68E} [2013.01.22 08:27:41 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{BF58BDD0-0C4A-438D-8B06-4CA467690C99} [2013.01.21 08:32:26 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{A4B73C47-068D-4B2C-9EC4-7CD9AF650D89} [2013.01.20 09:46:22 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D2149779-0D41-4E64-9977-4C115CB72DD1} [2013.01.19 11:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.19 11:39:20 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{AEB08AD4-DD0D-4DEC-AAB4-B1FCED16240B} [2013.01.18 09:40:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{09A03739-0401-4C93-A8A6-93AED160C65B} [2013.01.17 20:54:00 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{EFC3D820-B1BC-496F-BF91-21AC1311A4B2} [2013.01.17 08:53:23 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{83E8412C-7222-4F83-830B-A9C0DEC2B508} [2013.01.16 20:52:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{24363A33-9C75-40F0-9A4B-3564AB6D218A} [2013.01.16 08:52:07 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D8E32A15-3D6A-4E38-99F1-F4AB2B54F22F} [2013.01.15 10:44:59 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{719040E5-D3D2-4F1B-8BC2-196F73B4EBFC} [2013.01.14 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{72292AEA-EE02-4ED5-A379-993B1AC8F0C1} [2013.01.14 08:49:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{181454C6-C010-4D64-8022-8D2665C057BD} [2013.01.13 12:33:09 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{B96938D9-F120-490C-B495-98356B60DD52} [2013.01.12 09:58:01 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{14BBC482-9897-43B4-87E3-B751A2607DE0} [2013.01.11 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{E36C99D9-FF72-464C-8E43-903E7D12DCBF} [2013.01.11 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{323ACEF2-40AB-4A5D-8C7D-16D14F2BE882} [2013.01.10 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{A52AEC41-171A-447D-A3AF-160822B7A0FB} [2013.01.10 09:18:05 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{30E00925-9677-4079-BF40-208B3D5E250D} [2013.01.09 09:41:32 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{6D3A9A2D-387C-4844-82EC-72F7E8A6876D} [2013.01.08 21:40:52 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D2375D80-9BB7-4376-9D91-40244202A5C2} [2013.01.08 11:39:36 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\serie [2013.01.08 09:40:01 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{A2263D1D-AE19-48C1-9A61-2DC7A26B4880} [2013.01.06 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{C6FC79F9-FE16-4A8B-9099-4377995A346A} [2013.01.05 12:10:37 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{59AA485E-639E-485A-A556-B8A8EBEBFFAB} [2013.01.04 16:08:37 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D3A4CB56-C073-4AD7-842C-5A3673962894} [2012.12.31 17:16:38 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{AD4ED556-D21A-4488-97B1-D3ED42AB2A68} [2012.12.30 16:50:30 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{FFB0632E-5753-41E3-8981-A268CE96D36D} [2012.12.29 12:02:09 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{15D5CE6A-F674-4C50-A7FE-1DB137FE5580} ========== Files - Modified Within 30 Days ========== [2013.01.27 12:15:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.27 12:07:22 | 000,000,000 | ---- | M] () -- C:\Users\Laura\defogger_reenable [2013.01.27 11:52:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.27 11:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.27 11:05:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 11:05:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 10:51:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.27 10:51:13 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.27 10:51:13 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.27 10:51:13 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.27 10:51:13 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.27 10:49:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.26 21:30:06 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.26 21:28:36 | 3132,346,368 | -HS- | M] () -- C:\hiberfil.sys [2013.01.26 18:31:27 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.01.25 18:00:04 | 000,001,053 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.12 18:10:01 | 001,218,893 | ---- | M] () -- C:\Users\Laura\Desktop\DIPLOMARBEIT FINALE.pdf [2013.01.10 09:15:18 | 000,423,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 10:54:58 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013.01.27 12:07:22 | 000,000,000 | ---- | C] () -- C:\Users\Laura\defogger_reenable [2013.01.26 18:31:27 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.01.12 18:07:53 | 001,218,893 | ---- | C] () -- C:\Users\Laura\Desktop\DIPLOMARBEIT FINALE.pdf [2012.11.24 12:06:51 | 000,000,055 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\mbam.context.scan [2012.03.30 10:53:25 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.03.30 10:52:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.30 10:52:49 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.30 10:52:47 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.30 10:52:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.30 10:52:45 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.02.11 11:22:50 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.26 19:04:10 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Babylon [2013.01.27 12:20:12 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Dropbox [2012.10.22 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\DVDVideoSoft [2012.10.22 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.02 15:40:28 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Fingertapps [2012.07.07 15:35:09 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\OpenOffice.org [2012.07.18 11:11:14 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\PCDr [2012.07.18 10:27:34 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\pdfforge [2012.04.04 16:10:45 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\SoftGrid Client [2012.04.02 17:03:34 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\TP ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.01.2013 12:08:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laura\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,69% Memory free
7,78 Gb Paging File | 4,73 Gb Available in Paging File | 60,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 309,26 Gb Free Space | 69,32% Space Free | Partition Type: NTFS
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F430E68-0FD2-4A51-9111-3FAA2B341BD6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F66A367-172C-4005-A6A1-B850D58C986D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{12CD04F4-9F22-414F-9C46-12C691071B9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A928C83-853A-4FF4-AE4A-1D5E99CF7629}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{27C60D99-1C0C-440D-9B1D-8B79422B6796}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2B200B6B-3E37-430E-9591-CDF0C93656BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A4975AC-0B8C-45D6-AA54-B462678326E4}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{5F764EEA-D389-4DC2-98CE-56EFCED27B7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{60D227A8-CEF0-4B17-A79D-1E187CDDDA04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6DB53F7A-0BA5-44BB-BD69-90DF75C60111}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{763C862A-AEA8-448E-BE0C-9990F2A962B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79171982-C1C2-444F-87BB-B277C1AEB07D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E8D1BDA-F583-4AF1-B81A-3E5DBA0570A0}" = lport=137 | protocol=17 | dir=in | app=system |
"{85A40337-9A86-4329-B906-4A97D4515273}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9284DF4C-361D-4A3C-A7FB-F1AA245037F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9368A39E-909C-416A-9CEB-9C4FB9CEEA26}" = rport=137 | protocol=17 | dir=out | app=system |
"{9A514532-828D-4DA2-9513-B6BE1F406800}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{A5E76115-0A7B-4C14-8E73-DF8D86C58F1A}" = rport=138 | protocol=17 | dir=out | app=system |
"{AAE51DAD-E601-4FF0-8BCB-7F8075AFA956}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7878BCF-1C9C-4559-ADE4-160FEA064789}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9096231-65A3-4A2D-B35D-C58754FD0A95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD343FA9-E400-4BDD-843E-F468839F5C79}" = lport=445 | protocol=6 | dir=in | app=system |
"{C36E7385-87DB-4836-B3FE-B5AE45CA4394}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{C5A12BD4-79FA-4D64-9C23-0CEEBD7E6AD6}" = rport=139 | protocol=6 | dir=out | app=system |
"{D005C09E-DAF2-41EB-AA34-6F4294548EA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD8ECBA8-2D7A-40CE-9587-F6E286F20B89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8FFC496-E97E-4916-9603-A3624FBFBB6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{F0CCBBBA-88EC-4577-ADC6-18763D37B586}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{F2905744-785C-4677-ADA8-993B8DA6D786}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FCE16640-F499-42E8-99CA-6CA5FA544B21}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00925E02-DAF4-4718-97E4-19FF59873744}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{0344B9FD-19A6-4D83-A055-630D9546F6A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0979E5AF-EB7D-463D-8448-EFB3D08E16BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B5E4295-A1A9-4828-A3EE-78A63C987669}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{113D1593-6B64-435E-9B45-276002B531B6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{1676F2B5-6331-4312-B7A1-32293506E21F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{1828EBEA-08C9-4CA0-A231-1C4191E1F2B7}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{20B51E7E-9B2A-4BB6-835A-4CD7301248C4}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{24588A2E-F35C-4010-9472-F74F35CAB28B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{2735CACE-33C1-41BD-AB60-8EA9AB9315F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28CBA878-BF40-47AA-AFCD-174CE10959E9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{2CCD0615-0690-4E44-A352-77DE819E60A1}" = protocol=17 | dir=in | app=c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe |
"{2D6FC5BE-BD5F-4046-B2E7-EEB978F7A7E1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nero\bdcore\nero blu-ray player\blu-rayplayer.exe |
"{334100A9-6861-4CC2-81BB-0B2E1124771A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{36AD557A-1C38-471B-8A61-B2BA0DBD4E49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A018522-EEFB-4D11-91DB-BAAAF6547B44}" = protocol=58 | dir=in | app=system |
"{42EAAF37-1A6F-44F9-89A1-A5095C13C66D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51E5DDDA-AE91-4A65-BB1F-71E6FAE340D7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{64EDD5DD-ED90-41D0-9556-B60F002D10E0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{72C37894-A265-41E0-B19A-698A6A111253}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{72FA1431-5AFD-4F34-860A-7969BC3F7A84}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{773BDC67-2DF2-4247-88B1-C12EE648A20B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{82B5345F-BB77-439D-9798-EC22B06E7CEE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8EC617A4-FA76-4326-89BB-82D5C227BDD0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{91619A19-9183-4A1E-BDAA-653704DE52B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{947E6341-ECE4-442A-BA2F-A538E15886C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{962D1A3F-3A6C-4250-A9FB-2F6C317030E9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{99D7EFFE-ACE9-482F-8868-ED03B8AD7D8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99FA99AE-25D1-49DD-B45A-9955B1D267FB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A2720CC-4D9D-43FD-82A8-AAF651EC2A59}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{9E6A91A2-758D-4E0E-BA60-D3EE1B714DA1}" = protocol=6 | dir=out | app=system |
"{A0836DE2-A6E9-454C-864A-1D8468B6058B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B04851F2-72AD-47C0-BD68-F7A71F8265C7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nero\bdcore\nero blu-ray player\blu-rayplayer.exe |
"{B32EE825-B6FB-4152-A213-CBD5814E6B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4950BAB-C3C0-452F-AE3A-89F1A7584027}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B50008B5-554B-49A2-A3D1-249F23B39B0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B736DD0D-BEA5-453B-918A-B20E46AF3D4D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCA046DF-3A03-4B25-A9D6-60E8473EA3B5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{BD700A39-7159-42FC-ADF8-A51A8B6339B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE4F3308-02A5-497F-A8FF-AC3E3342804E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C04BE020-341F-4A48-9C7B-1D1446FFAFEC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2523393-CD87-4B01-B8A0-6D5249B1951D}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{C32B480D-E059-4CB1-990E-D8FA3BF44576}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA52E058-F7E6-4B8C-9BE0-815DE2C427CC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D4BCA62A-BA16-42B3-95BA-62FAB211AE69}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7C49AEC-1DB7-4E0E-B969-4A456A337C89}" = protocol=6 | dir=in | app=c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe |
"{DECA00E4-4A88-4925-9842-D234CBFBF581}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{ED3C6BEA-A77D-4351-8FAC-BAB49C340F7D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F588CC30-110F-443B-A6E1-042C96F983DD}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{F7C4F5C0-07E4-45CB-9A96-8A2EB5E47193}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB0A6E28-9B67-4CB4-99DF-A1BB492CDC9F}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82CD33B2-1DE6-4663-B6F0-1592B2376F78}" = VS10Runtimex64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant SmartAudio HD
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{CE5EBCBC-5D83-4637-967E-5E06CA89A996}" = Dell Stage
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.01.2013 07:09:15 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.01.2013 04:52:38 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2013 03:57:57 | Computer Name = Laura-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 7180 (0x1c0c) Thread address : 0x000000007742138A Thread message : Build VSCORE.15.1.0.513
/ 5500.1093 Object being scanned = \Device\HarddiskVolume3\Windows\Prefetch\AgCx_SC1.db.trx
by C:\Windows\System32\svchost.exe 7011(23547509)(0) 93(23547509)(0) 5(23547509)(0)
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
Error - 07.01.2013 18:28:35 | Computer Name = Laura-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 6.0.0.126 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1340 Startzeit:
01cded009d5f2e75 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
Error - 08.01.2013 04:40:30 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.01.2013 14:47:56 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.01.2013 03:12:28 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 04:15:54 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 14:15:14 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 04:20:42 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 21.01.2013 15:04:11 | Computer Name = Laura-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error - 21.01.2013 15:04:11 | Computer Name = Laura-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error - 22.01.2013 13:56:11 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 23.01.2013 15:26:09 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.01.2013 03:30:50 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 25.01.2013 05:10:37 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 11:53:38 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 14:20:26 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 14:20:56 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 16:30:12 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
GMER 2.0.18444 - GMER - Rootkit Detector and Remover Rootkit scan 2013-01-27 13:38:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.D005 465,76GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Laura\AppData\Local\Temp\ugloapob.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] ---- Threads - GMER 2.0 ---- Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [5620:4140] 000007fefa941ebc ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1564] 0000000075020000 Library ? (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [5620] 0000000072580000 Library ? (*** suspicious ***) @ C:\Windows\system32\sppsvc.exe [8180] 000007fee7790000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb425db3a7 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb425db3a7 (not active ControlSet) Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Laura\Downloads\aulauncher.exe 1 ---- EOF - GMER 2.0 ---- Geändert von fräuleinL (27.01.2013 um 12:31 Uhr) |
|
27.01.2013, 13:45
| #2 |
| | Virus/Trojaner noch am Pc? So, das wäre mal getan. Freue mich, wenn mir wer damit weiterhelfen kann. Schönen Sonntag einstweilen und danke schonmal.
__________________ |
|
28.01.2013, 13:45
| #3 |
| /// Helfer-Team  | Virus/Trojaner noch am Pc?__________________
__________________ |
|
28.01.2013, 18:52
| #4 |
| | Virus/Trojaner noch am Pc? 2013/01/26 19:04:11 +0100 LAURA-PC Laura DETECTION C:\Users\Laura\AppData\Local\Temp\{FE67BF95-61DD-4EF5-AC1E-29FF25849D63}\Addons\wxdownload_extensionie.exe Trojan.Agent ALLOW Und hier hab ich noch den Bericht von Avira: Avira Free Antivirus Erstellungsdatum der Reportdatei: Samstag, 26. Jänner 2013 19:46 Es wird nach 4727933 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Laura Computername : LAURA-PC Versionsinformationen: BUILD.DAT : 12.1.9.1236 Bytes 11.10.2012 15:29:00 AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 19:51:21 AVSCAN.DLL : 12.3.0.15 66256 Bytes 11.05.2012 17:31:16 LUKE.DLL : 12.3.0.15 68304 Bytes 11.05.2012 17:31:17 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 11.05.2012 17:31:18 AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 17:31:18 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 20:40:34 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 20:40:56 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:20:06 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 11:49:27 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 07:56:01 VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:12:38 VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 07:56:01 VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:12:39 VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:12:39 VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:12:39 VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 15:12:40 VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 17:46:08 VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 17:46:08 VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 17:46:08 VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 09:02:03 VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 17:13:00 VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 17:13:11 VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 19:38:10 VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 10:42:47 VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 18:00:07 VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 18:00:08 VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 09:10:40 VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 09:10:10 VBASE026.VDF : 7.11.58.176 2048 Bytes 25.01.2013 09:10:10 VBASE027.VDF : 7.11.58.177 2048 Bytes 25.01.2013 09:10:10 VBASE028.VDF : 7.11.58.178 2048 Bytes 25.01.2013 09:10:10 VBASE029.VDF : 7.11.58.179 2048 Bytes 25.01.2013 09:10:11 VBASE030.VDF : 7.11.58.180 2048 Bytes 25.01.2013 09:10:11 VBASE031.VDF : 7.11.58.194 4608 Bytes 26.01.2013 09:10:11 Engineversion : 8.2.10.238 AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 09:01:32 AESCRIPT.DLL : 8.1.4.84 467322 Bytes 25.01.2013 09:10:47 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 21:17:36 AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 07:30:03 AERDL.DLL : 8.2.0.88 643444 Bytes 07.11.2012 18:16:37 AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 23:27:13 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 17:00:38 AEHEUR.DLL : 8.1.4.182 5706104 Bytes 25.01.2013 09:10:45 AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 20:32:19 AEGEN.DLL : 8.1.6.16 434549 Bytes 25.01.2013 09:10:41 AEEXP.DLL : 8.3.0.14 188788 Bytes 25.01.2013 09:10:48 AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 09:01:30 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 21:17:34 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 17:00:33 AVWINLL.DLL : 12.3.0.15 27344 Bytes 11.05.2012 17:31:14 AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 19:51:20 AVREP.DLL : 12.3.0.15 179208 Bytes 11.05.2012 17:31:18 AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 19:51:19 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 11.05.2012 17:31:16 SQLITE3.DLL : 3.7.0.1 398288 Bytes 11.05.2012 17:31:18 AVSMTP.DLL : 12.3.0.32 63480 Bytes 20.08.2012 19:30:51 NETNT.DLL : 12.3.0.15 17104 Bytes 11.05.2012 17:31:17 RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 20.08.2012 19:30:43 RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 19:51:16 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldrives.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Samstag, 26. Jänner 2013 19:46 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! [INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Nero.AndroidServer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SyncUP.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RoxioBurnLauncher.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BTPlayerCtrl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'StageRemoteService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'msnmsgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'StageRemote.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FF_Protection.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '3704' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <OS> C:\$Recycle.Bin\S-1-5-21-957426118-3428125665-499508862-1001\$R2LON0N\Addons\wxdownload_extension.exe [0] Archivtyp: 7-Zip SFX (self extracting) --> 51042019b6245.exe [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZXESSWE\5104204d06c43[1].exe [0] Archivtyp: 7-Zip SFX (self extracting) --> 5104204cebbad.exe [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen --> 5104204cebbe6.dll [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen7 C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2315162\51042019c64e4[1].exe [0] Archivtyp: 7-Zip SFX (self extracting) --> 51042019b6245.exe [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen Beginne mit der Suche in 'D:\' Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Desinfektion: C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2315162\51042019c64e4[1].exe [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54919d2f.qua' verschoben! C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZXESSWE\5104204d06c43[1].exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen7 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c06b289.qua' verschoben! C:\$Recycle.Bin\S-1-5-21-957426118-3428125665-499508862-1001\$R2LON0N\Addons\wxdownload_extension.exe [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/AdSpy.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e05e828.qua' verschoben! Ende des Suchlaufs: Samstag, 26. Jänner 2013 21:26 Benötigte Zeit: 1:38:51 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 25796 Verzeichnisse wurden überprüft 522923 Dateien wurden geprüft 4 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 3 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 522919 Dateien ohne Befall 4314 Archive wurden durchsucht 0 Warnungen 3 Hinweise |
|
28.01.2013, 20:26
| #5 |
| /// Helfer-Team | Virus/Trojaner noch am Pc? Den Bericht von MBAM posten http://www.trojaner-board.de/130160-...ml#post1000300 |
|
28.01.2013, 22:21
| #6 |
| | Virus/Trojaner noch am Pc? Hallo, hier nochmal das von MBAM. Ich hoffe, das ist das richtige! Danke 2013/01/26 19:04:11 +0100 LAURA-PC Laura DETECTION C:\Users\Laura\AppData\Local\Temp\{FE67BF95-61DD-4EF5-AC1E-29FF25849D63}\Addons\wxdownload_extensionie.exe Trojan.Agent ALLOW Beziehungsweise hier noch die MBAM-Berichte der zwei drauffolgenden Tage: 2013/01/27 11:52:14 +0100 LAURA-PC Laura MESSAGE Protection stopped 2013/01/27 11:54:21 +0100 LAURA-PC Laura MESSAGE Starting database refresh 2013/01/27 11:54:24 +0100 LAURA-PC Laura MESSAGE Database refreshed successfully 2013/01/28 18:42:51 +0100 LAURA-PC Laura MESSAGE Protection stopped 2013/01/28 18:45:18 +0100 LAURA-PC Laura MESSAGE Protection stopped 2013/01/28 22:15:29 +0100 LAURA-PC Laura MESSAGE Protection stopped 2013/01/28 22:19:06 +0100 LAURA-PC Laura MESSAGE Protection stopped |
|
29.01.2013, 13:25
| #7 |
| /// Helfer-Team | Virus/Trojaner noch am Pc? Klickst du auch mal auf den Link?  |
|
29.01.2013, 15:24
| #8 |
| | Virus/Trojaner noch am Pc? Hallo, den Link hab ich gleich beim ersten Mal angeklickt und angesehen. Wenn ich bei Logadateien auf den Pfad doppelklicke, erscheint aber nur das, was ich hier gepostet hab. |
|
29.01.2013, 15:33
| #9 |
| /// Helfer-Team | Virus/Trojaner noch am Pc? Gibt es nur das eine Logfile? |
|
29.01.2013, 16:13
| #10 |
| | Virus/Trojaner noch am Pc? Entschuldige, da waren noch einige. Hier sind die mit den Schadensmeldungen: Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.01.17.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Laura :: LAURA-PC [Administrator] 26.01.2013 19:05:14 mbam-log-2013-01-26 (19-05-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212069 Laufzeit: 9 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Laura\AppData\Local\Temp\{FE67BF95-61DD-4EF5-AC1E-29FF25849D63}\Addons\wxdownload_extensionie.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.01.17.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Laura :: LAURA-PC [Administrator] 26.01.2013 19:48:06 mbam-log-2013-01-26 (19-48-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 368312 Laufzeit: 1 Stunde(n), 37 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZXESSWE\5104204d06c43[1].exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
29.01.2013, 19:07
| #11 |
| /// Helfer-Team | Virus/Trojaner noch am Pc? Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. danach: Downloade Dir bitte SecurityCheck von einem der folgenden Links: LINK1 LINK2
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
29.01.2013, 20:27
| #12 |
| | Virus/Trojaner noch am Pc? Habe aswMBR.exe runtergeladen, aber der scan brach mehrmals ab - beim letzten Mal stürzte der ganze Pc ab. Was kann ich tun? Soll ich die anderen Tests derweil durchführen? Vielen Dank |
|
29.01.2013, 20:37
| #13 |
| /// Helfer-Team | Virus/Trojaner noch am Pc? Ueberspringe aswMBR! |
|
29.01.2013, 21:31
| #14 |
| | Virus/Trojaner noch am Pc? Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` McAfee Anti-Virus und Anti-Spyware Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (18.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
30.01.2013, 00:49
| #15 | |
| /// Helfer-Team | Virus/Trojaner noch am Pc? Aktualsieren: Adobe Reader - Download - Filepony Auch: Malwarebytes Anti-Malware - Download - Filepony Zitat:
Entscheide dich fuer einen AVScanner! |
|
| Themen zu Virus/Trojaner noch am Pc? |
| avira, dateien, deinstalliert, durchsehen, fiele, fund, gelöscht, gestern, install.exe, leitung, lieben, malwarebytes, melde, melden, namens, optimizerpro, plug-in, prefetch, programme, punkt, quarantäne, reader, schei, schließe, schädliche, systems, systemsteuerung, unbekannt, verdächtige |
Linear-Darstellung
