| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarzWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.03.2013, 19:44
| #1 |
 |  plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Hallo und guten Abend, ich habe seit etwa zwei Stunden ein Problem mit meinem Dell, nutze Windows 7. Zum ersten Mal passiert es mir, dass plötzlich laufende Programme geschlossen wurden, der Desktop leer und schwarz wird, statt dessen zwängen sich haufenweise Fehlermeldungen auf und es startet "System repair". Dummerweise kann ich euch nicht sagen, um was für Fehlermeldungen es sich genau handelte, denn zum Einen verstehe ich kein englisch, zum Anderen hab ich sie in meiner Überforderung zugemacht und den PC neu gestartet. Über die Windows-Suche fand ich meinen Browser (Opera) und danach dieses Board, las mir eure Anleitungen/Anweisungen durch und komme nun zu den Berichten: Als Erstes las ich die Anleitung zu Malwarebytes: Datenbank Version: v2013.03.03.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Vorname Nachname :: VORNAMENACHNAME-PC [Administrator] 03.03.2013 17:50:08 mbam-log-2013-03-03 (17-50-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 226537 Laufzeit: 2 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\oKJlROuTVCyA.exe (Trojan.FakeAV) -> 4636 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|oKJlROuTVCyA.exe (Trojan.FakeAV) -> Daten: C:\ProgramData\oKJlROuTVCyA.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 5 HKCU\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\oKJlROuTVCyA.exe (Trojan.FakeAV) -> Löschen bei Neustart. (Ende) Dann Defogger. Hier war mir der Scan nicht möglich: defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:11 on 03/03/2013 (Vorname Nachname) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- OTL Extras: OTL Extras logfile created on: 03.03.2013 18:13:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vorname Nachname 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,89% Memory free 7,83 Gb Paging File | 6,28 Gb Available in Paging File | 80,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,11 Gb Total Space | 330,53 Gb Free Space | 74,09% Space Free | Partition Type: NTFS Computer Name: VORNAMENACHNAME-PC | User Name: Vorname Nachname | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Users\Vorname Nachname\Documents\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Users\Vorname Nachname\Documents\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Users\Vorname Nachname\Documents\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Users\Vorname Nachname\Documents\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Users\Vorname Nachname\Documents\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Users\Vorname Nachname\Documents\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{50F69271-9E64-43FC-9FC0-D5E13BF93337}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{663CBDFE-F086-477D-B03C-556D376E64C9}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{DD759FA6-ECA2-42BD-93E4-EC87DD59CD43}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1AA473B8-4C88-44FF-A3FE-71938691561F}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | "{22E967A3-AB9B-4611-9103-D2BD1C7F1F5F}" = protocol=17 | dir=in | app=c:\users\vorname nachname\desktop\opera.exe | "{36F926E6-88E6-4026-885F-0AE2A29D68A0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{3F1AFD98-1818-4478-A2CD-1C35F738DF98}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{466DB2D9-B3DC-434F-BAB5-1140A92F8345}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{5A94863C-FCE9-482F-BEC6-B4210D17D246}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5FF03859-D93C-40DE-887F-F567F10504C4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{61059427-7B6A-49F9-9093-7A03026560D1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{6D744BD0-8D90-478D-A509-FDD882C6F9F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{79168A79-48BB-4EA8-B165-26621F1DD3BF}" = dir=in | app=c:\users\sarah adler\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{7C7CE462-5FBE-44AC-9AD4-54CA2CA437BB}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{7D7D09C0-1D70-4FD6-8C59-69A41A341F62}" = protocol=17 | dir=in | app=c:\users\vorname nachname\documents\opera.exe | "{899BDDAC-B8F5-4273-9E6A-9F9B1420B621}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{970AF6E9-D888-4E97-9BB8-6F0B08CDADF6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{9887AAB1-A41E-4C89-8051-65727F34708F}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | "{9E9BB966-15D2-43C4-AECE-4D08887FDDE3}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{A0EC6873-1622-4B38-9D1A-9BCE2263BF94}" = protocol=6 | dir=in | app=c:\users\vorname nachname\documents\opera.exe | "{A5943D2D-4FBB-46A4-9CC5-A8F13DE773E8}" = protocol=6 | dir=in | app=c:\users\vorname nachname\desktop\opera.exe | "{B60FF9C2-6E12-40E5-AAE8-314ADE4727E3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C4870C1C-B467-4F72-9AFB-38E1FD4D134C}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | "{CBA9F6D1-6D55-4938-987C-F68DE41B8AD5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{D24EE7CC-25E5-4492-962F-BC4916237B53}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{DBF3D306-5566-42C4-B497-C02D5195448A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{DC4A66D4-C18C-4664-99B0-4D7794E6C6F6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DCEE0C97-1186-4491-A9A9-92EA53718ADE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DEA37A7C-91FF-4512-85C7-3AA806DECF63}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E40DB422-46A3-4AC1-8201-F7C54BC15922}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{EBD969DF-89AD-4D3B-B8FA-5EC054A93C0D}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{F7079DA9-ADA4-4D83-82DC-704D5C16394E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{F94FD918-AD93-4B07-9E95-BCCF309A4E81}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{FF225CDD-E203-45A9-BB44-5F8A08B73EB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{18D32A01-E251-4EE6-96C3-B357ADC1D6FA}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | "UDP Query User{30260850-FACF-46F3-8F2E-3A3444C87180}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit) "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.30 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.30 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.30 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "PC-Doctor for Windows" = Dell Support Center "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2185FA57-3EF4-434A-8D59-7063B11FA3C7}" = BlackBerry App World Browser Plugin "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 30 "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56A0DD94-47D9-4AC8-B5A1-8A8CA77C4B89}" = Dell Stage "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Dell Webcam Central" = Dell Webcam Central "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "Freeware.de Toolbar" = Freeware.de Toolbar "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 12.11.1661" = Opera 12.11 "Opera 12.14.1738" = Opera 12.14 "WinLiveSuite" = Windows Live Essentials "ZinioReader4" = Zinio Reader 4 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.11.2012 16:55:34 | Computer Name = SarahAdler-PC | Source = Google Update | ID = 20 Description = Error - 02.11.2012 17:05:05 | Computer Name = SarahAdler-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 02.11.2012 17:06:05 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = Error - 02.11.2012 17:06:39 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = Error - 03.11.2012 14:06:05 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = Error - 03.11.2012 17:06:05 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = Error - 03.11.2012 17:06:22 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = Error - 03.11.2012 20:06:05 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = Error - 03.11.2012 20:06:22 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = Error - 04.11.2012 09:07:12 | Computer Name = VornameNachname-PC | Source = Google Update | ID = 20 Description = [ Media Center Events ] Error - 24.08.2012 16:02:45 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 22:02:45 - Fehler beim Herstellen der Internetverbindung. 22:02:45 - Serververbindung konnte nicht hergestellt werden.. Error - 24.08.2012 16:02:52 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 22:02:50 - Fehler beim Herstellen der Internetverbindung. 22:02:50 - Serververbindung konnte nicht hergestellt werden.. Error - 24.08.2012 17:02:59 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 23:02:59 - Fehler beim Herstellen der Internetverbindung. 23:02:59 - Serververbindung konnte nicht hergestellt werden.. Error - 24.08.2012 17:03:05 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 23:03:04 - Fehler beim Herstellen der Internetverbindung. 23:03:04 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2012 14:17:26 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 20:17:26 - Fehler beim Herstellen der Internetverbindung. 20:17:26 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2012 14:17:34 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 20:17:31 - Fehler beim Herstellen der Internetverbindung. 20:17:31 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2012 15:17:39 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 21:17:39 - Fehler beim Herstellen der Internetverbindung. 21:17:39 - Serververbindung konnte nicht hergestellt werden.. Error - 19.10.2012 15:17:45 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 21:17:44 - Fehler beim Herstellen der Internetverbindung. 21:17:44 - Serververbindung konnte nicht hergestellt werden.. Error - 26.10.2012 13:02:12 | Computer Name = VornameNachname-PC | Source = MCUpdate | ID = 0 Description = 19:02:09 - Fehler beim Herstellen der Internetverbindung. 19:02:09 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 03.03.2013 10:53:02 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 10:53:32 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:24:03 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:24:33 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:30:48 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:31:18 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:38:48 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:39:18 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:58:20 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error - 03.03.2013 12:58:50 | Computer Name = VornameNachname-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. < End of report > OTL.txt: OTL logfile created on: 03.03.2013 18:13:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vorname Nachname 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,89% Memory free 7,83 Gb Paging File | 6,28 Gb Available in Paging File | 80,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,11 Gb Total Space | 330,53 Gb Free Space | 74,09% Space Free | Partition Type: NTFS Computer Name: VORNAMENACHNAME-PC | User Name: Vorname Nachname | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.03 18:13:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah Adler\OTL.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.05.17 01:10:24 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011.05.16 16:33:06 | 002,748,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.05.16 16:30:18 | 001,688,384 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.04.22 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.04.21 18:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.01.24 21:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.01.24 21:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.01.24 21:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.01.24 21:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010.09.30 09:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.01.10 11:21:31 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 11:21:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 11:21:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 11:21:21 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.05.16 16:33:06 | 002,748,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.04.22 17:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2010.12.17 16:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.12.17 20:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010.12.17 20:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010.12.17 20:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010.11.29 21:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.02.27 20:04:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.05.16 16:30:18 | 001,688,384 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2011.04.22 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.04.21 18:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.01.24 21:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.01.24 21:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.01.24 21:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.09.30 09:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.08.26 02:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.06 08:44:32 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.04.22 17:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.03.26 10:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.17 02:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.02.10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.01.24 08:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.01.24 08:24:50 | 000,053,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio) DRV:64bit: - [2011.01.24 08:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.01.24 07:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.01.20 17:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.22 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.12.17 18:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.15 18:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.12.13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.12 15:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2010.12.01 11:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.11.29 21:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 17:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.07.13 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E92E576F-779F-4CCC-956E-B39B5E3752D9} IE:64bit: - HKLM\..\SearchScopes\{E92E576F-779F-4CCC-956E-B39B5E3752D9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {E92E576F-779F-4CCC-956E-B39B5E3752D9} IE - HKLM\..\SearchScopes\{E92E576F-779F-4CCC-956E-B39B5E3752D9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {E92E576F-779F-4CCC-956E-B39B5E3752D9} IE - HKCU\..\SearchScopes\{59AB7583-7492-472D-8D07-999E8EBE8D9A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll () FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sarah Adler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [Facebook Update] C:\Users\Vorname Nachname\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - Startup: C:\Users\Vorname Nachname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Vorname Nachname\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah Adler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Sarah Adler\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah Adler\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{503ACC30-E730-459E-9916-8DA6ECAA13DE}: DhcpNameServer = 13.36.0.1 13.36.0.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6661857-2DAB-4944-BA63-E8F83DC2E063}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.03 18:13:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vorname Nachname\OTL.exe [2013.03.03 17:48:49 | 000,000,000 | ---D | C] -- C:\Users\Vorname Nachname\AppData\Roaming\Malwarebytes [2013.03.03 17:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.03 17:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.03 17:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.03 17:47:56 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Vorname Nachname\mbam-setup-1.70.0.1100.exe [2013.03.03 17:24:10 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair [2013.02.27 22:10:33 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 22:10:33 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 22:10:33 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 22:10:33 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 22:10:32 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 22:10:32 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 22:10:31 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 22:10:31 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 22:10:31 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 22:10:31 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 22:10:31 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 22:10:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 22:10:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 22:10:31 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 22:10:31 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 22:10:30 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 22:10:30 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 22:10:30 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 22:10:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 22:10:30 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 22:10:30 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 22:10:30 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 22:10:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 22:10:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 22:10:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 22:10:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 22:10:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 22:10:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 22:10:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 22:10:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 22:10:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 22:10:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 22:10:29 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 22:10:29 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 22:10:29 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 22:10:29 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 22:10:29 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 22:10:28 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.27 22:10:28 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 22:10:28 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 22:10:28 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.20 20:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.02.20 20:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.02.14 00:03:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 00:03:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 00:03:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 00:03:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 00:03:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 00:03:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 00:03:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 00:03:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 00:03:14 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 00:03:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 00:03:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 00:03:14 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 00:03:13 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 00:03:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 00:03:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 10:36:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 10:36:11 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 10:36:10 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 10:36:01 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 10:36:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 10:36:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 10:36:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 10:36:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 10:36:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 10:36:00 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.07 17:22:36 | 000,000,000 | -H-D | C] -- C:\UsersVorname Nachname\Desktop\Anleitungen [2013.02.03 18:20:26 | 016,189,280 | -H-- | C] (Opera Software) -- C:\Users\Vorname Nachname\Documents\opera.dll [2013.02.03 18:20:26 | 002,106,216 | -H-- | C] (Microsoft Corporation) -- C:\Users\Vorname Nachname\Documents\D3DCompiler_43.dll [2013.02.03 18:20:26 | 000,879,456 | -H-- | C] (Opera Software) -- C:\Users\Vorname Nachname\Documents\opera.exe [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\updatechecker [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\ui [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\styles [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\skin [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\region [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\mapi [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\locale [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\gstreamer [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\extra [2013.02.03 18:20:26 | 000,000,000 | -H-D | C] -- C:\Users\Vorname Nachname\Documents\defaults ========== Files - Modified Within 30 Days ========== [2013.03.03 18:13:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vorname Nachname\OTL.exe [2013.03.03 18:10:29 | 000,050,477 | ---- | M] () -- C:\Users\Vorname Nachname\Defogger.exe [2013.03.03 18:04:36 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 18:04:36 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 18:04:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.03 18:01:58 | 001,614,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.03 18:01:58 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.03 18:01:58 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.03 18:01:58 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.03 18:01:58 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.03 17:57:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.03 17:57:06 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2013.03.03 17:50:01 | 000,001,499 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\System Repair.lnk [2013.03.03 17:48:34 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.03 17:47:56 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Vorname Nachname\mbam-setup-1.70.0.1100.exe [2013.03.03 17:26:00 | 000,000,168 | -H-- | M] () -- C:\ProgramData\oKJlROuTVCyA [2013.03.03 17:23:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-oKJlROuTVCyAr [2013.03.03 17:23:53 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-oKJlROuTVCyA [2013.03.03 16:06:02 | 000,001,162 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2718298307-3784701073-870430813-1001UA.job [2013.02.28 19:06:00 | 000,001,140 | -H-- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2718298307-3784701073-870430813-1001Core.job [2013.02.27 20:04:24 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.27 20:04:24 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.27 06:36:59 | 006,100,146 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\Passenger - Let Her Go (Official Video).mp3 [2013.02.20 20:21:37 | 004,828,714 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\Venice - The Lighthouse and the Whaler [Official].mp3 [2013.02.20 20:21:14 | 005,248,763 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\Work Drugs - License To Drive.mp3 [2013.02.20 20:11:44 | 000,001,241 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\DVDVideoSoft Free Studio.lnk [2013.02.20 08:03:09 | 000,338,531 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\1342183241-264.jpg [2013.02.20 08:02:33 | 000,243,724 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\1342183570-544.jpg [2013.02.18 21:00:05 | 000,008,194 | -H-- | M] () -- C:\Users\Vorname Nachname\Desktop\toelpel.jpg [2013.02.14 09:26:22 | 000,326,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.11 09:13:18 | 000,036,035 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\opera_install_log.xml [2013.02.11 09:13:13 | 000,148,990 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\pubsuffix.xml [2013.02.11 09:13:13 | 000,024,420 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\files_old.sig [2013.02.11 09:13:13 | 000,018,232 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\files.sig [2013.02.11 09:13:12 | 016,189,280 | -H-- | M] (Opera Software) -- C:\Users\Vorname Nachname\Documents\opera.dll [2013.02.11 09:13:12 | 002,106,216 | -H-- | M] (Microsoft Corporation) -- C:\Users\Vorname Nachname\Documents\D3DCompiler_43.dll [2013.02.11 09:13:12 | 000,879,456 | -H-- | M] (Opera Software) -- C:\Users\Vorname Nachname\Documents\opera.exe [2013.02.11 09:13:12 | 000,526,210 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\encoding.bin [2013.02.11 09:13:12 | 000,059,028 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\mathml.dtd [2013.02.11 09:13:12 | 000,036,277 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\html5_entity_init.dat [2013.02.11 09:13:12 | 000,007,904 | -H-- | M] () -- C:\Users\Vorname Nachname\Documents\html40_entities.dtd ========== Files Created - No Company Name ========== [2013.03.03 18:10:29 | 000,050,477 | ---- | C] () -- C:\Users\Vorname Nachname\Defogger.exe [2013.03.03 17:48:34 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.03 17:24:10 | 000,001,499 | -H-- | C] () -- C:\Users\Vorname Nachname\Desktop\System Repair.lnk [2013.03.03 17:12:11 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-oKJlROuTVCyAr [2013.03.03 17:12:11 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-oKJlROuTVCyA [2013.03.03 17:12:10 | 000,000,168 | -H-- | C] () -- C:\ProgramData\oKJlROuTVCyA [2013.02.27 06:36:48 | 006,100,146 | -H-- | C] () -- C:\Users\Vorname Nachname\Desktop\Passenger - Let Her Go (Official Video).mp3 [2013.02.20 20:21:29 | 004,828,714 | -H-- | C] () -- C:\Users\Vorname Nachname\Desktop\Venice - The Lighthouse and the Whaler [Official].mp3 [2013.02.20 20:21:04 | 005,248,763 | -H-- | C] () -- C:\Users\Vorname Nachname\Desktop\Work Drugs - License To Drive.mp3 [2013.02.20 08:03:09 | 000,338,531 | -H-- | C] () -- C:\Users\Vorname Nachname\Desktop\1342183241-264.jpg [2013.02.20 08:02:33 | 000,243,724 | -H-- | C] () -- C:\Users\Vorname Nachname\Desktop\1342183570-544.jpg [2013.02.18 21:00:05 | 000,008,194 | -H-- | C] () -- C:\Users\Vorname Nachname\Desktop\toelpel.jpg [2013.02.03 18:20:27 | 000,036,035 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\opera_install_log.xml [2013.02.03 18:20:26 | 000,526,210 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\encoding.bin [2013.02.03 18:20:26 | 000,148,990 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\pubsuffix.xml [2013.02.03 18:20:26 | 000,059,028 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\mathml.dtd [2013.02.03 18:20:26 | 000,036,277 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\html5_entity_init.dat [2013.02.03 18:20:26 | 000,024,420 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\files_old.sig [2013.02.03 18:20:26 | 000,018,232 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\files.sig [2013.02.03 18:20:26 | 000,007,904 | -H-- | C] () -- C:\Users\Vorname Nachname\Documents\html40_entities.dtd [2012.10.27 10:19:46 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI [2011.10.22 13:13:32 | 000,000,164 | -H-- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2011.08.26 11:17:16 | 000,007,168 | -H-- | C] () -- C:\Users\Sarah Adler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.16 20:49:42 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.07.16 20:48:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.16 20:48:44 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.16 20:48:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Gmer kommt als Antwortpost, da es jetzt schon zu viele Zeichen sind. |
|
03.03.2013, 19:46
| #2 |
| |  plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Nun zu Gmer.
__________________Es kam NICHT diese Meldung: WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ? Die kam nicht. Bericht: GMER Logfile: Code:
ATTFilter GMER 2.1.19115 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-03-03 18:58:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465,76GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\SARAHA~1\AppData\Local\Temp\kwliruob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1616] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b51465 2 bytes [B5, 77]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b514bb 2 bytes [B5, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b51465 2 bytes [B5, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2624] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b514bb 2 bytes [B5, 77]
.text ... * 2
.text C:\Windows\system32\Dwm.exe[3604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Windows\system32\Dwm.exe[3604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Windows\system32\Dwm.exe[3604] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Windows\system32\Dwm.exe[3604] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Windows\system32\Dwm.exe[3604] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Windows\system32\Dwm.exe[3604] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Windows\Explorer.EXE[3628] C:\Windows\system32\WININET.dll!HttpAddRequestHeadersA 00000000772ec2b0 5 bytes JMP 000000016fff00d8
.text C:\Windows\Explorer.EXE[3628] C:\Windows\system32\WININET.dll!HttpAddRequestHeadersW 00000000772f8074 5 bytes JMP 000000016fff0110
.text C:\Windows\Explorer.EXE[3628] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefb0d3d40 5 bytes JMP 000007fffb0700d8
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076711429 7 bytes JMP 0000000171191e90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 000000007672b223 5 bytes JMP 0000000171191da0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 00000000767a88f4 7 bytes JMP 0000000171191d90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 00000000767a8979 5 bytes JMP 0000000171191e80
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 00000000767a8ccf 5 bytes JMP 0000000171191e10
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076811d1b 5 bytes JMP 0000000171192450
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076811dc9 5 bytes JMP 00000001711924b0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076812aa4 5 bytes JMP 0000000171192520
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076812d0a 5 bytes JMP 0000000171192670
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007688e9a2 5 bytes JMP 0000000171191a00
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007688ebdc 5 bytes JMP 0000000171191a90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a25ea5 5 bytes JMP 0000000171191ce0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe[3860] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a59d0b 5 bytes JMP 0000000171191c70
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076711429 7 bytes JMP 0000000171191e90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007672b223 5 bytes JMP 0000000171191da0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767a88f4 7 bytes JMP 0000000171191d90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767a8979 5 bytes JMP 0000000171191e80
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767a8ccf 5 bytes JMP 0000000171191e10
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076811d1b 5 bytes JMP 0000000171192450
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076811dc9 5 bytes JMP 00000001711924b0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076812aa4 5 bytes JMP 0000000171192520
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076812d0a 5 bytes JMP 0000000171192670
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007688e9a2 5 bytes JMP 0000000171191a00
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007688ebdc 5 bytes JMP 0000000171191a90
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a25ea5 5 bytes JMP 0000000171191ce0
.text C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE[3928] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a59d0b 5 bytes JMP 0000000171191c70
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b51465 2 bytes [B5, 77]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b514bb 2 bytes [B5, 77]
.text ... * 2
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4048] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2456] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3824] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Windows\System32\igfxpers.exe[4136] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076711429 7 bytes JMP 0000000171191e90
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007672b223 5 bytes JMP 0000000171191da0
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767a88f4 7 bytes JMP 0000000171191d90
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767a8979 5 bytes JMP 0000000171191e80
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767a8ccf 5 bytes JMP 0000000171191e10
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076811d1b 5 bytes JMP 0000000171192450
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076811dc9 5 bytes JMP 00000001711924b0
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076812aa4 5 bytes JMP 0000000171192520
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076812d0a 5 bytes JMP 0000000171192670
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007688e9a2 5 bytes JMP 0000000171191a00
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007688ebdc 5 bytes JMP 0000000171191a90
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a25ea5 5 bytes JMP 0000000171191ce0
.text C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe[4208] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a59d0b 5 bytes JMP 0000000171191c70
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[4300] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Program Files\Dell\QuickSet\quickset.exe[4320] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffde900d8
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffde90148
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffde90180
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffde90110
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffde901f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[4464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffde901b8
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076711429 7 bytes JMP 0000000171191e90
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007672b223 5 bytes JMP 0000000171191da0
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767a88f4 7 bytes JMP 0000000171191d90
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767a8979 5 bytes JMP 0000000171191e80
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767a8ccf 5 bytes JMP 0000000171191e10
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076811d1b 5 bytes JMP 0000000171192450
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076811dc9 5 bytes JMP 00000001711924b0
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076812aa4 5 bytes JMP 0000000171192520
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076812d0a 5 bytes JMP 0000000171192670
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007688e9a2 5 bytes JMP 0000000171191a00
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007688ebdc 5 bytes JMP 0000000171191a90
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000076a25ea5 5 bytes JMP 0000000171191ce0
.text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[4820] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076a59d0b 5 bytes JMP 0000000171191c70
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feffac7490 11 bytes JMP 000007fffdea0228
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feffadbf00 7 bytes JMP 000007fffdea0260
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Windows\system32\wbem\unsecapp.exe[4380] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4500] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4500] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4500] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4500] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[4500] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b51465 2 bytes [B5, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b514bb 2 bytes [B5, 77]
.text ... * 2
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Windows\notepad.exe[2776] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000775aefe0 5 bytes JMP 000000016fff0148
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000775d99b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000775e94d0 5 bytes JMP 000000016fff0180
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 00000000775e9640 5 bytes JMP 000000016fff0110
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007760a500 7 bytes JMP 000000016fff01b8
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdf13460 7 bytes JMP 000007fffdea00d8
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdf19940 6 bytes JMP 000007fffdea0148
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdf19fb0 5 bytes JMP 000007fffdea0180
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdf1a150 5 bytes JMP 000007fffdea0110
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe8789e0 8 bytes JMP 000007fffdea01f0
.text C:\Windows\notepad.exe[1356] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe87be40 8 bytes JMP 000007fffdea01b8
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076711429 7 bytes JMP 0000000171191e90
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007672b223 5 bytes JMP 0000000171191da0
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000767a88f4 7 bytes JMP 0000000171191d90
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 00000000767a8979 5 bytes JMP 0000000171191e80
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000767a8ccf 5 bytes JMP 0000000171191e10
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076811d1b 5 bytes JMP 0000000171192450
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076811dc9 5 bytes JMP 00000001711924b0
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076812aa4 5 bytes JMP 0000000171192520
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076812d0a 5 bytes JMP 0000000171192670
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 000000007688e9a2 5 bytes JMP 0000000171191a00
.text C:\Users\Sarah Adler\gmer_2.1.19115.exe[6452] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 000000007688ebdc 5 bytes JMP 0000000171191a90
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80066205a4]<< stdcfltn.sys ACPI.sys iaStor.sys hal.dll fffffa80066205a4
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800660c060] fffffa800660c060
Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004c20af0] fffffa8004c20af0
Trace \Driver\stdcfltn[0xfffffa8004c0ea50] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80066205a4 fffffa80066205a4
Trace 5 stdcfltn.sys[fffff8800164ac52] -> nt!IofCallDriver -> [0xfffffa8004afbb20] fffffa8004afbb20
Trace 7 ACPI.sys[fffff88000f497a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b01050] fffffa8004b01050
---- Threads - GMER 2.1 ----
Thread System [4:264] fffffa8006622bb4
Thread C:\Windows\system32\svchost.exe [1136:2052] 0000000000232fc0
Thread C:\Windows\Explorer.EXE [3628:3656] 0000000003051430
Thread C:\Windows\Explorer.EXE [3628:3664] 0000000003153220
Thread C:\Windows\Explorer.EXE [3628:3344] 000000000313bd78
Thread C:\Windows\Explorer.EXE [3628:3348] 000000000313b704
Thread C:\Windows\Explorer.EXE [3628:3220] 000000000313a018
Thread C:\Windows\Explorer.EXE [3628:2592] 000000000313a018
Thread C:\Windows\Explorer.EXE [3628:6364] 000000000313b8ac
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2788:5872] 000007fefb282a7c
Thread C:\Windows\System32\svchost.exe [7000:1360] 000007fef1ae9688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289184150
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289184150@e83eb6c7833f 0xDB 0x9A 0xFB 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289184150@1c69a59010cc 0xC3 0xBA 0x03 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289184150 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289184150@e83eb6c7833f 0xDB 0x9A 0xFB 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289184150@1c69a59010cc 0xC3 0xBA 0x03 0x40 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
Disk \Device\Harddisk0\DR0 suspicious partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 976744448
---- Files - GMER 2.1 ----
File C:\Users\Sarah Adler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OSENX3Q\bullet[1] 0 bytes
File C:\Users\Sarah Adler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3XXY8ZS\errorPageStrings[1] 0 bytes
---- EOF - GMER 2.1 ----
Ich weiß echt nichts mit diesen Daten anzufangen und hoffe inständig, es findet sich jemand, der mir helfen kann. Denn momentan sind wirklich sämtliche Dateien vom Erdboden verschluckt und ich habe offen gestanden ein bisschen Angst um den PC. Es sind garantiert noch einige Fragen zu klären, die ich natürlich so genau wie es nur geht zu beantworten versuchen werde. Ich wünsche einen schönen Abend und lg Sarah A. |
|
03.03.2013, 19:48
| #3 |
| /// Malware-holic   | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Hi,
__________________lade unhide: TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
03.03.2013, 20:02
| #4 |
| | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Hallo Markusg. Wahnsinn, wie schnell du geantwortet hast. Den ersten Schritt mit unhide konnte ich reibungslos ausführen, jetzt sind tatsächlich alle Icons auf dem Desktop sichtbar. Das Startmenü ist zwar noch immer leer (Bis auf Bluetooth) und auch die Taskleiste sieht noch erschreckend nackt aus. Der zweite Schritt konnte nur zur Hälfte ausgeführt werden. Download war erfolgreich. Das Programm selbst lässt sich nicht starten. Nach dem Doppelklick erscheint ganz normal die Frage, ob ich den Zugriff gewähren möchte, ich klicke auf "Ja", mehr passiert leider nicht. Das Selbe, wenn ich das Ganze als Admin ausführen möchte. Was nun? |
|
03.03.2013, 21:30
| #5 |
| /// Malware-holic | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz ok, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.03.2013, 21:49
| #6 |
| | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Combofix wurde wie beschrieben ausgefürt, allerdings erscheint kein Logfile, es öffnet sich nach einer Weile ein leeres C:\ Administrator-Fenster (weiß nicht, wie ich es anders beschreiben soll) |
|
04.03.2013, 20:18
| #7 |
| /// Malware-holic | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz hi starte mal neu, drücke f8 wähle abgesicherter modus, in deinem Konto anmelden, Combofix noch mal ausführen, wenn log erstellt neustarten und posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 21:40
| #8 |
| | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Will ich machen. Nach dem Doppelklick kommt die Frage, ob ich Combofix updaten möchte. Soll ich? Ist es eigentlich normal, dass sowohl das Internet als auch die komplette Bedienung des Computers so schleppend bzw. langsam ist? Ich meine, das ist ein ständiges Stop und Go hier mit ewigen Ladezeiten. Geändert von Sarah Faden (04.03.2013 um 21:57 Uhr) |
|
04.03.2013, 22:10
| #9 |
| /// Malware-holic | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz ja updaten bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 22:18
| #10 |
| | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Okay, ich kam jetzt gar nicht in den abgesicherten Modus. F8 wurde ignoriert, Update herunter geladen und wieder wird kein Logfile erstellt. Oder wird das irgendwo anders abgespeichert..in einem anderen Verzeichnis? |
|
04.03.2013, 22:19
| #11 |
| /// Malware-holic | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz ists denn bis zum ände, logfile wird erstellt, durchgelaufen könnte auch log.txt heißen und liegt auf c:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 22:29
| #12 |
| | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Ne, also kleines Fenster mit grüner Schrift und grünem Ladebalken. Ist dieser vollständig, schließt sich das Fenster automatisch, ohne, dass ich irgendwelche Buttens anklicken könnte. Danach kommt dann irgendwann das blaue Adminfenster. Files habe ich nicht gefunden |
|
04.03.2013, 22:30
| #13 |
| /// Malware-holic | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz hi lösche deine Kopie von combofix mal. lads neu runter, dann rechtsklick auf die exe, umbenennen lösche: combofix.exe schreibe 2345.com enter und dann noch mal ausführen bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 22:41
| #14 |
| | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz Hab ich gemacht. Hat sich aber nichts verändert Soll ich davon mal einen Screenshot machen? Ich konnte das Ganze eben doch noch im abgesicherten Modus machen, aber auch da wars das Selbe in grün |
|
05.03.2013, 19:43
| #15 |
| /// Malware-holic | plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz ok lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu plötzlich sämtliche Dateien/Ordner/Programme weg, Desktop schwarz |
| application/pdf:, autorun, bho, bonjour, browser, converter, desktop, error, failed, firefox, flash player, format, google, helper, home, install.exe, limited.com/facebook, logfile, microsoft office starter 2010, nicht möglich, nvidia update, nvpciflt.sys, plug-in, problem, realtek, registry, rundll, security, server, software, system, tracker, udp, windows, wscript.exe |
WARNUNG an die MITLESER: 
Linear-Darstellung
