| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus/Trojaner noch am Pc?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.01.2013, 12:06
| #1 |
 |  Virus/Trojaner noch am Pc? Virus/Trojaner? Liebe Alle, Ich habe gestern ausnahmsweise ein Download-Programm heruntergeladen namens wxdownload. Anschließend meldete Avira einen verdächtigen Fund und fand 4 schädliche Dateien, die ich in Quarantäne gesteckt und anschließend gelöscht habe. (Eines davon war ind er ZWischenzeit schon von Malwarebytes gefunden worden und ich hatte es gelöscht). Dann fiel mir beim Durchsehen der Programme unter Systemsteuerung auf, dass OptimizerPro auf meinem Pc war, das ich daraufhin deinstalliert habe. Außderm fielen mir Zinio Reader 4 und Rocio Creator Starter auf, die anscheinend manchmal bei Dell mitinstalliert sind, mir aber vorher unbekannt waren. Habe sie sicherheitshalber auch gelöscht. Nun möchte ich sicher gehen, dass mein Pc wieder schädlingsfrei ist. Bin leider in dieser Richtung selbst unbegabt und deswegen hier. Vielen lieben Dank im Vorhinein schon für eure Hilfe. Ich habe Malwarebytes und Avira beide nochmalscannen lassen, da wurde nichts mehr gefunden Werde nun die Hilfe-leistungs-Anleitung ab Punkt 2 durchgehen und mich wieder melden. hier das Ergebnis von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.01.2013 12:08:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laura\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,89 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,69% Memory free 7,78 Gb Paging File | 4,73 Gb Available in Paging File | 60,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 309,26 Gb Free Space | 69,32% Space Free | Partition Type: NTFS Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.27 11:55:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Downloads\OTL.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.10 22:11:13 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.21 13:48:28 | 003,110,808 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe PRC - [2012.08.20 20:30:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.11 18:31:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 18:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.31 23:04:38 | 000,150,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.10.18 17:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.10.18 17:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.10.18 17:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.10.18 17:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.09.22 16:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.09.22 16:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.09.21 16:30:12 | 004,109,312 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.12 05:36:46 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe PRC - [2011.06.29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe PRC - [2011.06.28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ========== Modules (No Company Name) ========== MOD - [2013.01.10 22:11:12 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.01.10 09:32:58 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4f91a66a3f10565b979b758f6f08e8cc\WindowsFormsIntegration.ni.dll MOD - [2013.01.10 09:32:54 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\07ea9ea39e1fddc8e4fe8850c849309e\System.WorkflowServices.ni.dll MOD - [2013.01.10 09:32:19 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll MOD - [2013.01.10 09:32:14 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\25cfdeaf091f16f3f3a7123a91a179ab\System.Xml.Linq.ni.dll MOD - [2013.01.10 09:32:08 | 009,922,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\302009432d51f2682c384a8dd5a8cda6\System.Data.Entity.ni.dll MOD - [2013.01.10 09:30:52 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.10 09:28:57 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.01.10 09:24:20 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll MOD - [2013.01.10 09:24:04 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll MOD - [2013.01.10 09:24:02 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll MOD - [2013.01.10 09:24:00 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll MOD - [2013.01.10 09:23:45 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 09:23:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll MOD - [2013.01.10 09:23:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:23:26 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013.01.10 09:23:25 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013.01.10 09:23:24 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013.01.10 09:23:20 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\abf5f0f6b5d995fb86b0529ac85e14ed\System.DirectoryServices.ni.dll MOD - [2013.01.10 09:23:19 | 001,044,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\dac9bb4d4745a4227e7ed701498a9469\System.Printing.ni.dll MOD - [2013.01.10 09:23:18 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\284f81850cf194b71156025b06e74e06\ReachFramework.ni.dll MOD - [2013.01.10 09:23:16 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\679ef75106538d0be017771ec0ceec94\PresentationUI.ni.dll MOD - [2013.01.10 09:23:13 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5f3769db958cc666dc98cb7748a84ac9\PresentationFramework.ni.dll MOD - [2013.01.10 09:23:00 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\2f32b665b25e874e0222f7be18b0161f\PresentationCFFRasterizer.ni.dll MOD - [2013.01.10 09:22:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.10 09:22:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 09:22:51 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\43f1725719239288707661115956470e\System.Deployment.ni.dll MOD - [2013.01.10 09:22:50 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll MOD - [2013.01.10 09:22:49 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll MOD - [2013.01.10 09:22:49 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013.01.10 09:22:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\45e239d35a2c14b841dd4ef2c186ff2f\PresentationCore.ni.dll MOD - [2013.01.10 09:22:37 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 09:22:35 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\3abd733e8fa28fafbfc99458fdf691da\System.Security.ni.dll MOD - [2013.01.10 09:22:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 09:22:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 09:22:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 09:22:22 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\9d2a9fc04e660079633eb74b37a1d77c\Microsoft.VisualC.ni.dll MOD - [2013.01.10 09:22:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.03.30 11:15:57 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2011.12.31 23:04:40 | 000,891,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll MOD - [2011.12.31 23:04:28 | 000,251,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll MOD - [2011.09.22 16:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.06.29 14:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe MOD - [2011.06.28 01:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe MOD - [2011.06.28 01:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll MOD - [2011.06.25 05:32:36 | 000,323,136 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll MOD - [2011.06.25 05:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll MOD - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2010.11.21 07:49:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2010.11.21 07:49:35 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll MOD - [2010.11.21 07:49:35 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010.11.21 07:49:35 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2010.11.21 07:49:27 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2010.11.21 07:49:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.03.22 21:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll MOD - [2010.03.17 02:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll MOD - [2010.03.17 02:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll MOD - [2010.03.17 02:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll MOD - [2010.03.12 01:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll MOD - [2010.03.12 01:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll MOD - [2010.03.05 21:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll MOD - [2010.03.05 21:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.12.26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.12.26 09:47:40 | 000,241,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2012.11.16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.11.01 19:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011.11.01 19:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.11.01 19:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2011.10.21 00:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011.10.19 20:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.08.12 05:36:46 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) [On_Demand | Running] -- C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe -- (CxUtilSvc) SRV:64bit: - [2011.05.12 14:06:38 | 000,200,320 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2011.03.08 23:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk) SRV:64bit: - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.01.25 20:35:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.10 22:11:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.11 18:31:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 18:31:16 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.10.18 17:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.10.18 17:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.10.18 17:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011.09.22 16:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.08.26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012.12.26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.12.26 09:51:24 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.12.26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.12.26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.12.26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.12.26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.11 18:31:18 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 18:31:18 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.03.30 11:16:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.03.30 11:16:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.09 18:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.12.02 02:57:06 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.11.15 00:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.10.19 20:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.10.19 20:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.14 01:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.09.14 01:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.08.29 22:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.06.24 04:19:44 | 001,446,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.10 20:04:38 | 001,591,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.05.17 15:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.05.17 15:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.04.15 20:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.23 19:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.01.20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.09 05:29:58 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MCfilt64.sys -- (MCfilt) DRV:64bit: - [2010.12.02 09:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D3206E21-8825-4BFA-9809-D55DFC854C8A} IE:64bit: - HKLM\..\SearchScopes\{D3206E21-8825-4BFA-9809-D55DFC854C8A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D3206E21-8825-4BFA-9809-D55DFC854C8A} IE - HKLM\..\SearchScopes\{D3206E21-8825-4BFA-9809-D55DFC854C8A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Offizielle Seite | Dell Österreich IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Forestle IE - HKCU\..\SearchScopes,DefaultScope = {D3206E21-8825-4BFA-9809-D55DFC854C8A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://hotmail.com" FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5 FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.01.25 10:14:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:59:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.10.27 01:30:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:59:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.04 13:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions [2013.01.26 19:10:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions [2012.11.15 08:32:19 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.01.08 22:24:13 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\isreaditlater@ideashower.com.xpi [2012.12.11 22:19:39 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.24 11:41:32 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.26 19:04:37 | 000,002,422 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\searchplugins\babylon1.xml [2012.06.28 21:11:45 | 000,002,314 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\zshaoc9g.default\searchplugins\forestle-at.xml [2013.01.19 11:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.10 22:11:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 09:00:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120712231236.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120712231236.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADF71D4B-19A0-41C8-A008-34204C9A9987}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B617CBFF-DF22-42A9-BB84-7FC9336FD922}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.26 23:18:23 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Roxio Log Files [2013.01.26 22:13:53 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{B39FED21-FD79-4C9D-A800-D5AA2B9D2669} [2013.01.26 21:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.01.26 19:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT [2013.01.26 19:04:10 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Babylon [2013.01.26 19:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.26 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.01.26 18:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2013.01.26 18:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2013.01.26 18:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip [2013.01.26 10:13:14 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{73734DF7-B301-4E10-A699-4474D2A5FB2C} [2013.01.25 10:12:11 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{8AE071B9-2D40-4823-9416-9969378E2A7D} [2013.01.24 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{8DE4490F-FB4D-431E-9EC4-76D604605C14} [2013.01.23 20:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.23 20:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.23 20:26:50 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{8C2AF5BD-5577-4BBD-85B7-3427D9F6E0A3} [2013.01.22 20:37:41 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\tdj [2013.01.22 20:37:35 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\wohnung [2013.01.22 20:28:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{B20D8A44-85BA-429B-A051-059C099EA68E} [2013.01.22 08:27:41 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{BF58BDD0-0C4A-438D-8B06-4CA467690C99} [2013.01.21 08:32:26 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{A4B73C47-068D-4B2C-9EC4-7CD9AF650D89} [2013.01.20 09:46:22 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D2149779-0D41-4E64-9977-4C115CB72DD1} [2013.01.19 11:59:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.19 11:39:20 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{AEB08AD4-DD0D-4DEC-AAB4-B1FCED16240B} [2013.01.18 09:40:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{09A03739-0401-4C93-A8A6-93AED160C65B} [2013.01.17 20:54:00 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{EFC3D820-B1BC-496F-BF91-21AC1311A4B2} [2013.01.17 08:53:23 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{83E8412C-7222-4F83-830B-A9C0DEC2B508} [2013.01.16 20:52:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{24363A33-9C75-40F0-9A4B-3564AB6D218A} [2013.01.16 08:52:07 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D8E32A15-3D6A-4E38-99F1-F4AB2B54F22F} [2013.01.15 10:44:59 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{719040E5-D3D2-4F1B-8BC2-196F73B4EBFC} [2013.01.14 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{72292AEA-EE02-4ED5-A379-993B1AC8F0C1} [2013.01.14 08:49:34 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{181454C6-C010-4D64-8022-8D2665C057BD} [2013.01.13 12:33:09 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{B96938D9-F120-490C-B495-98356B60DD52} [2013.01.12 09:58:01 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{14BBC482-9897-43B4-87E3-B751A2607DE0} [2013.01.11 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{E36C99D9-FF72-464C-8E43-903E7D12DCBF} [2013.01.11 09:22:53 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{323ACEF2-40AB-4A5D-8C7D-16D14F2BE882} [2013.01.10 21:18:44 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{A52AEC41-171A-447D-A3AF-160822B7A0FB} [2013.01.10 09:18:05 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{30E00925-9677-4079-BF40-208B3D5E250D} [2013.01.09 09:41:32 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{6D3A9A2D-387C-4844-82EC-72F7E8A6876D} [2013.01.08 21:40:52 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D2375D80-9BB7-4376-9D91-40244202A5C2} [2013.01.08 11:39:36 | 000,000,000 | ---D | C] -- C:\Users\Laura\Desktop\serie [2013.01.08 09:40:01 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{A2263D1D-AE19-48C1-9A61-2DC7A26B4880} [2013.01.06 09:53:57 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{C6FC79F9-FE16-4A8B-9099-4377995A346A} [2013.01.05 12:10:37 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{59AA485E-639E-485A-A556-B8A8EBEBFFAB} [2013.01.04 16:08:37 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{D3A4CB56-C073-4AD7-842C-5A3673962894} [2012.12.31 17:16:38 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{AD4ED556-D21A-4488-97B1-D3ED42AB2A68} [2012.12.30 16:50:30 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{FFB0632E-5753-41E3-8981-A268CE96D36D} [2012.12.29 12:02:09 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\{15D5CE6A-F674-4C50-A7FE-1DB137FE5580} ========== Files - Modified Within 30 Days ========== [2013.01.27 12:15:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.27 12:07:22 | 000,000,000 | ---- | M] () -- C:\Users\Laura\defogger_reenable [2013.01.27 11:52:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.27 11:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.27 11:05:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 11:05:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 10:51:13 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.27 10:51:13 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.27 10:51:13 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.27 10:51:13 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.27 10:51:13 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.27 10:49:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.26 21:30:06 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.26 21:28:36 | 3132,346,368 | -HS- | M] () -- C:\hiberfil.sys [2013.01.26 18:31:27 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.01.25 18:00:04 | 000,001,053 | ---- | M] () -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.12 18:10:01 | 001,218,893 | ---- | M] () -- C:\Users\Laura\Desktop\DIPLOMARBEIT FINALE.pdf [2013.01.10 09:15:18 | 000,423,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 10:54:58 | 001,590,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013.01.27 12:07:22 | 000,000,000 | ---- | C] () -- C:\Users\Laura\defogger_reenable [2013.01.26 18:31:27 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2013.01.12 18:07:53 | 001,218,893 | ---- | C] () -- C:\Users\Laura\Desktop\DIPLOMARBEIT FINALE.pdf [2012.11.24 12:06:51 | 000,000,055 | ---- | C] () -- C:\Users\Laura\AppData\Roaming\mbam.context.scan [2012.03.30 10:53:25 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.03.30 10:52:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.30 10:52:49 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.30 10:52:47 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.30 10:52:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.30 10:52:45 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.02.11 11:22:50 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.26 19:04:10 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Babylon [2013.01.27 12:20:12 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Dropbox [2012.10.22 18:45:33 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\DVDVideoSoft [2012.10.22 18:45:04 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.02 15:40:28 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Fingertapps [2012.07.07 15:35:09 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\OpenOffice.org [2012.07.18 11:11:14 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\PCDr [2012.07.18 10:27:34 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\pdfforge [2012.04.04 16:10:45 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\SoftGrid Client [2012.04.02 17:03:34 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\TP ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.01.2013 12:08:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laura\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 47,69% Memory free
7,78 Gb Paging File | 4,73 Gb Available in Paging File | 60,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 309,26 Gb Free Space | 69,32% Space Free | Partition Type: NTFS
Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F430E68-0FD2-4A51-9111-3FAA2B341BD6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F66A367-172C-4005-A6A1-B850D58C986D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{12CD04F4-9F22-414F-9C46-12C691071B9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A928C83-853A-4FF4-AE4A-1D5E99CF7629}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{27C60D99-1C0C-440D-9B1D-8B79422B6796}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2B200B6B-3E37-430E-9591-CDF0C93656BE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A4975AC-0B8C-45D6-AA54-B462678326E4}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{5F764EEA-D389-4DC2-98CE-56EFCED27B7B}" = lport=139 | protocol=6 | dir=in | app=system |
"{60D227A8-CEF0-4B17-A79D-1E187CDDDA04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6DB53F7A-0BA5-44BB-BD69-90DF75C60111}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{763C862A-AEA8-448E-BE0C-9990F2A962B6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79171982-C1C2-444F-87BB-B277C1AEB07D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E8D1BDA-F583-4AF1-B81A-3E5DBA0570A0}" = lport=137 | protocol=17 | dir=in | app=system |
"{85A40337-9A86-4329-B906-4A97D4515273}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9284DF4C-361D-4A3C-A7FB-F1AA245037F9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9368A39E-909C-416A-9CEB-9C4FB9CEEA26}" = rport=137 | protocol=17 | dir=out | app=system |
"{9A514532-828D-4DA2-9513-B6BE1F406800}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{A5E76115-0A7B-4C14-8E73-DF8D86C58F1A}" = rport=138 | protocol=17 | dir=out | app=system |
"{AAE51DAD-E601-4FF0-8BCB-7F8075AFA956}" = rport=445 | protocol=6 | dir=out | app=system |
"{B7878BCF-1C9C-4559-ADE4-160FEA064789}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9096231-65A3-4A2D-B35D-C58754FD0A95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD343FA9-E400-4BDD-843E-F468839F5C79}" = lport=445 | protocol=6 | dir=in | app=system |
"{C36E7385-87DB-4836-B3FE-B5AE45CA4394}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{C5A12BD4-79FA-4D64-9C23-0CEEBD7E6AD6}" = rport=139 | protocol=6 | dir=out | app=system |
"{D005C09E-DAF2-41EB-AA34-6F4294548EA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD8ECBA8-2D7A-40CE-9587-F6E286F20B89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E8FFC496-E97E-4916-9603-A3624FBFBB6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{F0CCBBBA-88EC-4577-ADC6-18763D37B586}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{F2905744-785C-4677-ADA8-993B8DA6D786}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FCE16640-F499-42E8-99CA-6CA5FA544B21}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00925E02-DAF4-4718-97E4-19FF59873744}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{0344B9FD-19A6-4D83-A055-630D9546F6A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0979E5AF-EB7D-463D-8448-EFB3D08E16BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B5E4295-A1A9-4828-A3EE-78A63C987669}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{113D1593-6B64-435E-9B45-276002B531B6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{1676F2B5-6331-4312-B7A1-32293506E21F}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{1828EBEA-08C9-4CA0-A231-1C4191E1F2B7}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{20B51E7E-9B2A-4BB6-835A-4CD7301248C4}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{24588A2E-F35C-4010-9472-F74F35CAB28B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{2735CACE-33C1-41BD-AB60-8EA9AB9315F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28CBA878-BF40-47AA-AFCD-174CE10959E9}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{2CCD0615-0690-4E44-A352-77DE819E60A1}" = protocol=17 | dir=in | app=c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe |
"{2D6FC5BE-BD5F-4046-B2E7-EEB978F7A7E1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nero\bdcore\nero blu-ray player\blu-rayplayer.exe |
"{334100A9-6861-4CC2-81BB-0B2E1124771A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{36AD557A-1C38-471B-8A61-B2BA0DBD4E49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A018522-EEFB-4D11-91DB-BAAAF6547B44}" = protocol=58 | dir=in | app=system |
"{42EAAF37-1A6F-44F9-89A1-A5095C13C66D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{51E5DDDA-AE91-4A65-BB1F-71E6FAE340D7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{64EDD5DD-ED90-41D0-9556-B60F002D10E0}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{72C37894-A265-41E0-B19A-698A6A111253}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{72FA1431-5AFD-4F34-860A-7969BC3F7A84}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{773BDC67-2DF2-4247-88B1-C12EE648A20B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{82B5345F-BB77-439D-9798-EC22B06E7CEE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8EC617A4-FA76-4326-89BB-82D5C227BDD0}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{91619A19-9183-4A1E-BDAA-653704DE52B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{947E6341-ECE4-442A-BA2F-A538E15886C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{962D1A3F-3A6C-4250-A9FB-2F6C317030E9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{99D7EFFE-ACE9-482F-8868-ED03B8AD7D8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99FA99AE-25D1-49DD-B45A-9955B1D267FB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A2720CC-4D9D-43FD-82A8-AAF651EC2A59}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{9E6A91A2-758D-4E0E-BA60-D3EE1B714DA1}" = protocol=6 | dir=out | app=system |
"{A0836DE2-A6E9-454C-864A-1D8468B6058B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B04851F2-72AD-47C0-BD68-F7A71F8265C7}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nero\bdcore\nero blu-ray player\blu-rayplayer.exe |
"{B32EE825-B6FB-4152-A213-CBD5814E6B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4950BAB-C3C0-452F-AE3A-89F1A7584027}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B50008B5-554B-49A2-A3D1-249F23B39B0A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B736DD0D-BEA5-453B-918A-B20E46AF3D4D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCA046DF-3A03-4B25-A9D6-60E8473EA3B5}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{BD700A39-7159-42FC-ADF8-A51A8B6339B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE4F3308-02A5-497F-A8FF-AC3E3342804E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C04BE020-341F-4A48-9C7B-1D1446FFAFEC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C2523393-CD87-4B01-B8A0-6D5249B1951D}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{C32B480D-E059-4CB1-990E-D8FA3BF44576}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA52E058-F7E6-4B8C-9BE0-815DE2C427CC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D4BCA62A-BA16-42B3-95BA-62FAB211AE69}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7C49AEC-1DB7-4E0E-B969-4A456A337C89}" = protocol=6 | dir=in | app=c:\users\laura\appdata\roaming\dropbox\bin\dropbox.exe |
"{DECA00E4-4A88-4925-9842-D234CBFBF581}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{ED3C6BEA-A77D-4351-8FAC-BAB49C340F7D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F588CC30-110F-443B-A6E1-042C96F983DD}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{F7C4F5C0-07E4-45CB-9A96-8A2EB5E47193}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB0A6E28-9B67-4CB4-99DF-A1BB492CDC9F}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82CD33B2-1DE6-4663-B6F0-1592B2376F78}" = VS10Runtimex64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant SmartAudio HD
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{CE5EBCBC-5D83-4637-967E-5E06CA89A996}" = Dell Stage
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.01.2013 07:09:15 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.01.2013 04:52:38 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.01.2013 03:57:57 | Computer Name = Laura-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 7180 (0x1c0c) Thread address : 0x000000007742138A Thread message : Build VSCORE.15.1.0.513
/ 5500.1093 Object being scanned = \Device\HarddiskVolume3\Windows\Prefetch\AgCx_SC1.db.trx
by C:\Windows\System32\svchost.exe 7011(23547509)(0) 93(23547509)(0) 5(23547509)(0)
4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
Error - 07.01.2013 18:28:35 | Computer Name = Laura-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 6.0.0.126 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1340 Startzeit:
01cded009d5f2e75 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
Error - 08.01.2013 04:40:30 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 08.01.2013 14:47:56 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.01.2013 03:12:28 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 04:15:54 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.01.2013 14:15:14 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
Error - 11.01.2013 04:20:42 | Computer Name = Laura-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 21.01.2013 15:04:11 | Computer Name = Laura-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error - 21.01.2013 15:04:11 | Computer Name = Laura-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error - 22.01.2013 13:56:11 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 23.01.2013 15:26:09 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 24.01.2013 03:30:50 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 25.01.2013 05:10:37 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 11:53:38 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 14:20:26 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 14:20:56 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 26.01.2013 16:30:12 | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
GMER 2.0.18444 - GMER - Rootkit Detector and Remover Rootkit scan 2013-01-27 13:38:10 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.D005 465,76GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Laura\AppData\Local\Temp\ugloapob.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2228] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[5588] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Users\Laura\AppData\Roaming\Dropbox\bin\Dropbox.exe[5872] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075081401 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075081419 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075081431 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007508144a 2 bytes [08, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000750814dd 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000750814f5 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007508150d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075081525 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007508153d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075081555 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007508156d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075081585 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007508159d 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000750815b5 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000750815cd 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000750816b2 2 bytes [08, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000750816bd 2 bytes [08, 75] ---- Threads - GMER 2.0 ---- Thread C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [5620:4140] 000007fefa941ebc ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1564] 0000000075020000 Library ? (*** suspicious ***) @ C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [5620] 0000000072580000 Library ? (*** suspicious ***) @ C:\Windows\system32\sppsvc.exe [8180] 000007fee7790000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb425db3a7 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb425db3a7 (not active ControlSet) Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Laura\Downloads\aulauncher.exe 1 ---- EOF - GMER 2.0 ---- Geändert von fräuleinL (27.01.2013 um 12:31 Uhr) |
| Themen zu Virus/Trojaner noch am Pc? |
| avira, dateien, deinstalliert, durchsehen, fiele, fund, gelöscht, gestern, install.exe, leitung, lieben, malwarebytes, melde, melden, namens, optimizerpro, plug-in, prefetch, programme, punkt, quarantäne, reader, schei, schließe, schädliche, systems, systemsteuerung, unbekannt, verdächtige |
Baum-Darstellung