| |
| |||||||
Log-Analyse und Auswertung: Zip Anhang mit TR/Roque.957311 geöffnetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.04.2013, 16:40
| #1 |
| |  Zip Anhang mit TR/Roque.957311 geöffnet Hallo ihr Profis, schön dass es euch gibt  Heute morgen hat meine Frau in ihrem web.de Postfach eine Spam mail (angeblich Mahnung von Sanicare.de) gefunden und die angehängte zip-Datei runtergeladen. Dann hat sie den Download-Order in Firefox geöffnet und auf die Datei geklickt  Danach hat sich ein Fenster mit lauter Hiroglyphen (sagt sie) geöffnet..... folgendes habe ich seit dem getan: - Zip-Datei mit Antivir untersucht: Fund TR/rogue.957311 - in Quarantäne verschoben - Windows Defender ausgeführt - kein Fund - Antivir übers ganze Systen laufen lassen - kein Fund - Malwarebytes übers ganze System laufen lassen - kein Fund - Defogger nach Anleitung hier im Forum: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:14 on 22/04/2013 (Dell)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 22.04.2013 16:16:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 52,67% Memory free 7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 330,30 Gb Free Space | 74,04% Space Free | Partition Type: NTFS Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.28 15:52:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.28 15:52:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.28 15:52:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.03.27 15:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.03.27 15:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.03.27 15:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.03.27 15:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe PRC - [2010.12.29 20:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe PRC - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.10.01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 20:55:05 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.13 15:26:58 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll MOD - [2013.01.13 15:26:58 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll MOD - [2013.01.11 11:37:03 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 11:36:32 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.11 11:36:19 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.11 11:36:14 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.11 11:36:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.11 11:36:10 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.11 11:36:04 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.05.30 08:39:02 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.12.15 17:46:50 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.11.06 08:11:36 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.12.03 17:26:34 | 003,143,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV - [2013.04.12 16:54:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.28 15:52:41 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.28 15:52:28 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.12 21:40:04 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.30 14:34:51 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.27 15:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.03.27 15:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.03.27 15:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2011.09.16 01:41:28 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.09.16 01:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011.09.16 01:24:52 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.09.15 16:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.09.15 06:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64) SRV - [2011.09.08 15:42:28 | 000,305,152 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.06.03 19:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2010.12.29 20:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2010.12.03 17:14:58 | 002,696,496 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 21:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.21 18:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.13 16:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.02.13 15:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.11.06 16:01:52 | 010,208,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.11.06 07:34:34 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.26 09:40:28 | 012,309,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.09.18 09:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.09.15 16:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.09.15 16:48:24 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.09.08 15:42:28 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.08.23 13:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.06.21 22:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.06.21 22:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010.12.16 05:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.12.13 16:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.20 18:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ IE - HKCU\..\SearchScopes,DefaultScope = {3D66E81A-7403-4C61-B2B7-2245EB226AAB} IE - HKCU\..\SearchScopes\{3D66E81A-7403-4C61-B2B7-2245EB226AAB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://web.de/" FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5 FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2012.05.30 06:42:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 16:54:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.17 10:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Extensions [2013.02.14 18:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions [2013.01.03 20:26:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Dell\AppData\Roaming\mozilla\Firefox\Profiles\r4y2oheo.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2012.09.27 16:50:04 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2013.02.14 18:55:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Dell\AppData\Roaming\mozilla\firefox\profiles\r4y2oheo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.12 16:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 16:54:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 18:11:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dell\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F154892-42A4-4EBD-AEDB-3D39BD955A2B}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.22 16:10:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe [2013.04.22 14:09:53 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Malwarebytes [2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.22 14:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.22 14:09:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.04.22 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.22 14:08:45 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Programs [2013.04.12 16:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.11 11:44:58 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Buhl Data Service [2013.04.11 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl Data Service [2013.04.11 11:43:48 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Buhl [2013.04.11 11:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2012 [2013.04.11 11:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steuer 2012 [2013.04.11 11:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2013.03.28 15:52:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.03.28 15:52:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.03.28 15:52:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.03.24 16:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ========== Files - Modified Within 30 Days ========== [2013.04.22 16:14:05 | 000,000,000 | ---- | M] () -- C:\Users\Dell\defogger_reenable [2013.04.22 16:12:01 | 000,377,856 | ---- | M] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe [2013.04.22 16:10:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe [2013.04.22 16:09:36 | 000,050,477 | ---- | M] () -- C:\Users\Dell\Desktop\Defogger.exe [2013.04.22 15:58:15 | 001,612,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.22 15:58:15 | 000,696,870 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.22 15:58:15 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.22 15:58:15 | 000,148,134 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.22 15:58:15 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.22 15:39:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.04.22 15:38:01 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.22 14:09:37 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.22 13:57:43 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.22 13:57:43 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.22 13:50:26 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.22 13:49:30 | 000,456,864 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.04.22 13:49:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.22 13:48:28 | 3148,214,272 | -HS- | M] () -- C:\hiberfil.sys [2013.04.20 10:03:53 | 000,000,590 | ---- | M] () -- C:\windows\wiso.ini [2013.04.14 19:42:26 | 000,025,043 | ---- | M] () -- C:\Users\Dell\Desktop\heidelberg.odt [2013.04.11 11:43:46 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2012.lnk [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.03.30 20:00:34 | 000,020,696 | ---- | M] () -- C:\Users\Dell\Desktop\Zählerstände.ods [2013.03.28 15:52:46 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.03.28 15:52:46 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.03.28 15:52:46 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.03.24 16:39:50 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk ========== Files Created - No Company Name ========== [2013.04.22 16:14:05 | 000,000,000 | ---- | C] () -- C:\Users\Dell\defogger_reenable [2013.04.22 16:12:00 | 000,377,856 | ---- | C] () -- C:\Users\Dell\Desktop\gmer_2.1.19163.exe [2013.04.22 16:09:34 | 000,050,477 | ---- | C] () -- C:\Users\Dell\Desktop\Defogger.exe [2013.04.22 14:09:37 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.11 11:43:49 | 000,000,590 | ---- | C] () -- C:\windows\wiso.ini [2013.04.11 11:43:46 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2012.lnk [2013.03.24 16:39:50 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.06 19:16:39 | 000,007,602 | ---- | C] () -- C:\Users\Dell\AppData\Local\Resmon.ResmonCfg [2012.11.30 14:52:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.07.10 16:33:14 | 000,003,584 | ---- | C] () -- C:\Users\Dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.16 20:55:58 | 000,015,873 | ---- | C] () -- C:\windows\SysWow64\Inetde.dll [2012.05.30 08:21:42 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2012.05.30 08:21:20 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012.05.30 08:21:20 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012.05.30 08:21:19 | 013,903,360 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2012.05.30 08:21:19 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2012.05.30 08:21:19 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.05.30 08:21:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2012.05.30 06:11:06 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012.05.30 06:04:16 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2012.05.30 05:59:04 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll [2012.02.26 14:02:17 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini [2012.02.26 14:02:12 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini [2012.02.26 14:02:12 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini [2012.02.26 14:02:12 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini [2012.02.26 14:02:12 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini [2012.02.26 14:02:12 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini [2012.02.26 14:02:12 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini [2012.02.26 14:02:12 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini [2012.02.26 12:54:12 | 001,590,378 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.11.06 05:29:16 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.04.2013 16:16:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,91 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 52,67% Memory free
7,82 Gb Paging File | 5,73 Gb Available in Paging File | 73,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 330,30 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BC8C789-F3B9-42A7-AAA6-1D69A661269A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{117D4677-D8EA-40B9-9180-9DFE17E91E85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1283A4DE-C313-4FAE-8042-7AA23B10431F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3132D0E6-A733-49BC-B081-C12E3CF44337}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{422AD37F-6FB6-4A23-9143-66B94919174E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A927413-5148-4029-9BA8-4C4976D23A58}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E2AC7C0-314A-4CBB-8ED4-A99C25B52808}" = rport=445 | protocol=6 | dir=out | app=system |
"{6A463D46-71C3-4A78-8AC7-35A2CC31BAD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F4D462D-1D33-4CB6-B63E-5679FEC30FE0}" = rport=137 | protocol=17 | dir=out | app=system |
"{71A9AA7A-567E-4B17-AEE3-FF6D6E14A1E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73B69D36-F0CF-465B-8CD3-2B677787F9AA}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{7681E210-3CD1-424A-971E-A41B0F9B9356}" = rport=139 | protocol=6 | dir=out | app=system |
"{7885BFAC-FE6F-43AA-9699-FA9FA0236AFD}" = lport=137 | protocol=17 | dir=in | app=system |
"{87FF8E46-5005-4CD4-AF8C-60B052C46BCE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{93F40161-FDDB-40BA-BF13-AD118786C601}" = lport=138 | protocol=17 | dir=in | app=system |
"{AC8E7156-242B-4CE3-83E7-CC12549F7371}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AFC544BD-0F6D-4245-A929-572A79FF0021}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B98ACCCB-7D1E-40A5-A7C3-986B1AB2B90F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB194FCB-6B84-4C74-BB34-B63B164E86AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C7963706-CC40-4CDE-AB91-8E9E3AFC7ABF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D864C982-D7A7-423D-BE77-679B471DFD69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA369F9F-05F8-47FF-94CE-FF2436AEAC64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DA554FFE-A00F-48E5-AD8B-B6E591FF2653}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBBA19C4-AAD1-4340-8AA9-40F2838247DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{DDC0E055-B74A-459E-A1D4-4A08A737DFE7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F2090B15-0FB2-4573-B3F3-8D90064EA90F}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00157835-4941-4EDB-8FAF-48333FECC051}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{089018CE-FF27-43BF-B037-1273B7895A29}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0AA2009F-B8EE-4B08-9C8E-F433E19D82F9}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{1512C413-38C8-48A0-941C-3E3A0EBBF388}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1AAEA8AE-A448-45C3-9C9D-DB207041D598}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2326A654-26EE-4E86-A1BD-D11B14090837}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64server.exe |
"{2405D26C-B145-47F2-BF2A-35B8A0B18359}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{28E1CA45-4F9E-46C2-9B78-B0CE7382561C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3221953B-4AC8-43E7-B7D3-817741E20375}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{396B2D02-7495-401D-9637-BB3924CDB0A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40499D98-55AB-4E3D-9C58-B7042B070CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{4677DA17-B9B5-4014-8D7B-A3242B684C71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{480F099C-A9A3-41FC-A4AA-42C90B130D72}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe |
"{495D5EA1-01AC-493E-B677-50EBAEE462D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4E89CE42-6345-4329-8991-B0A2033A332D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F754371-9F94-4033-AEF1-EC696EF4AB17}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{578A1964-18F1-4488-A012-9E11B4DD9129}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe |
"{5A1F8F06-97B7-440A-8616-8B298FC5AB28}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{5CAE8FE3-0095-48C5-9C40-8C9F16EA1B95}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FC3C365-CB61-45BB-8585-88F851C1CD37}" = protocol=6 | dir=out | app=system |
"{621E5781-1769-46D0-AC65-2401415A6C9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{62B95C17-DAB1-4428-AF74-E58F22D5A403}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{6E478732-72C8-4450-A005-E17C2C207CF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EE865C4-0FD7-4601-81A4-834C3AE7ABAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DB2F86C-285B-4558-8F91-30545D4342D6}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max design 2013\3dsmax.exe |
"{9ED8876C-4BB5-4549-9792-980F9D56316B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9F940E32-A58B-45B6-BF2B-3052DCBDD479}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A74FC99D-F505-4F8C-8218-EE719E1AD753}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{A7BDAB15-4005-4C7C-BCB7-F4FA26F0D3C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA6BE318-9614-4B26-93A0-3B46F6811818}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE572531-9E61-431A-AD62-6C9E9BC9B489}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max design 2013\nvidia\raysat_3dsmax2013_64.exe |
"{B4CC58E6-4937-42CE-B8E8-82D4EB0258A1}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{BCEAC1C3-271C-40DF-9DE9-6E0C2105C738}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{C3DCD12D-B304-49D5-9754-AF9D45442D84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA9AC0A5-9D62-46D5-9143-05512F089DA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D62675CA-48EA-49A1-BC8B-F0D0895AE209}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE9C3BF7-C818-4B00-A5D3-7A94271B3BFC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{F2DAEBC7-7A4A-4000-9601-58FABD8A153F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F8C24C10-FDCB-483A-B03F-79FACE294038}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{036983CC-5AA7-F67F-A0AC-E2A9395BAE1E}" = ccc-utility64
"{06388E0D-A364-478B-8E40-7D76142A8DF5}" = Autodesk Workflows - Product Design Suite 2013
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{07DC9A9D-1793-4EB4-AC1A-70750F9FB72B}" = Autodesk Navisworks Simulate 2013 - 2009 DWG File Reader
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0C821839-EA2A-48C2-BBD5-2B3D28159BC0}" = Autodesk Mudbox 2013 64-bit
"{0D53A298-B2B7-4746-BB92-B757A6E559C3}" = Autodesk Navisworks Simulate 2013 - 2010 DWG File Reader
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{107CB1E9-DDA9-40B5-8A6D-325361402200}" = Autodesk Navisworks Simulate 2013 - 2011 DWG File Reader
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) German Language Pack
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi-Software
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{3CB60177-D3D2-4E9C-BE4D-8372B34B4C7F}" = Autodesk SketchBook Designer 2013
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F744A9A-3067-4605-8864-DA1658059F0B}" = Autodesk Navisworks Simulate 2013 - 2008 DWG File Reader
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}" = Validity Sensors DDK
"{5783F2D7-B005-0000-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 Language Pack - Deutsch (German)
"{5783F2D7-B005-0407-2102-0060B0CE6BBA}" = AutoCAD Mechanical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-0102-0060B0CE6BBA}" = AutoCAD Electrical 2013 - Deutsch (German)
"{5783F2D7-B007-0407-1102-0060B0CE6BBA}" = AutoCAD Electrical 2013 Language Pack - Deutsch
"{5783F2D7-B007-0407-2102-0060B0CE6BBA}" = AutoCAD Electrical 2013
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62CBE596-1BB8-4D7B-A056-103287BAD1C4}" = Autodesk Essential Skills Movies for 3ds Max Design 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7B42AD25-3D13-4422-A445-F5E18BD963FC}" = Autodesk SketchBook Designer for AutoCAD 2013
"{7D65612F-53B4-0409-85AA-21DF5A8E9455}" = Autodesk 3ds Max Design 2013 64-bit
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor 2013 Language Pack - Deutsch (German)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{84A6C8C6-0000-0264-0002-83487CD4C147}" = Autodesk Product Design Suite Premium 2013
"{84A6C8C6-0010-0264-0002-83487CD4C147}" = Autodesk Product Design Suite 2013 Language Pack
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{907A3175-B78E-0407-A98B-0A97BDE8A59C}" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{90A2F9D3-3E5E-4EF4-BC83-E7795CEF1A42}" = Autodesk Navisworks Simulate 2013 - 2012 DWG File Reader
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975DFE7C-8E56-45BC-A329-401E6B1F8102}" = Dell Backup and Recovery Manager
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A15BFC7D-6A90-47E6-8C6E-D51B2929D8C8}" = Autodesk Showcase 2013 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{BC66B242-DF13-1664-851B-00123612ED98}" = Autodesk Inventor Server Engine for 3ds Max Design 2013 64-bit
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{CBED6FC7-FB20-4920-AA80-3D6F3459F902}" = Autodesk Navisworks Simulate 2013 - 2013 DWG File Reader
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{CFAD9B91-391E-8337-859E-B14918E9ABB3}" = AMD AVIVO64 Codecs
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D28EFBA5-1764-4B79-946A-000BE950E8E2}" = Autodesk Product Design Suite 2013 Schnelle Deinstallation
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DE7FFE23-D092-5379-B83C-0E27FF07E329}" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F17E30E2-7ED4-0000-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013
"{F17E30E2-7ED4-0407-8A8E-CAB597E3F8ED}" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD Electrical 2013 - Deutsch (German)" = AutoCAD Electrical 2013 - Deutsch (German)
"AutoCAD Mechanical 2013 - Deutsch (German)" = AutoCAD Mechanical 2013 - Deutsch (German)
"Autodesk 3ds Max Design 2013 64-bit" = Autodesk 3ds Max Design 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max Design 2013 64-bit
"Autodesk Inventor 2013" = Autodesk Inventor 2013 Deutsch (German)
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Autodesk Mudbox 2013 64-bit" = Autodesk Mudbox 2013 64-bit
"Autodesk Navisworks 2013 64 bit Exporter Plug-ins" = Autodesk Navisworks 2013 64 bit Exporter Plug-ins
"Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 64-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Navisworks Simulate 2013" = Autodesk Navisworks Simulate 2013
"Autodesk Navisworks Simulate 2013 Language Pack - Deutsch" = Autodesk Navisworks Simulate 2013 Language Pack - Deutsch
"Autodesk Product Design Suite Premium 2013" = Autodesk Product Design Suite Premium 2013
"Autodesk Showcase 2013 64-bit" = Autodesk Showcase 2013 64-bit
"Autodesk SketchBook Designer 2013" = Autodesk SketchBook Designer 2013
"Autodesk SketchBook Designer for AutoCAD 2013" = Autodesk SketchBook Designer for AutoCAD 2013
"DWG TrueView 2013" = DWG TrueView 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"PC-Doctor for Windows" = Dell Support Center
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{12867B14-03B1-5FEA-B987-9508DBB92A51}" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{249A3D8F-FE03-374E-BFB2-ED3B1FF072C6}" = CCC Help Spanish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34CB9121-4C52-7854-5E6B-30C00F603782}" = CCC Help Chinese Traditional
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EF2FD37-A6AF-030E-5140-6D64264CB0CC}" = CCC Help Swedish
"{4614113D-DB85-EBE8-C550-52D5134A25E5}" = Catalyst Control Center
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CD64D9F-9525-4CED-34F9-CD600D486A7B}" = CCC Help Russian
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{60D2D550-6DA4-E943-592A-B71B577767A6}" = PX Profile Update
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E469237-BA9E-DF10-9DE1-1BC649DEDC01}" = Catalyst Control Center InstallProxy
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70E3E97D-726D-B60E-B776-AC3200A870F3}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{7E30BC50-4F89-1E78-BE14-13395A356BE7}" = CCC Help Dutch
"{7EC2E893-73FC-6AEA-F8C6-A7C74C541C73}" = CCC Help French
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84D61D1B-4F89-D6B1-79B9-FA390A9B05F5}" = CCC Help Japanese
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8754105B-2BEF-0407-83F9-573C69BB204F}" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E5921F0-8370-171D-D0D1-C83A7BD17400}" = CCC Help Danish
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9669EB2-B188-2D11-1562-BBB7BF0342E9}" = CCC Help Italian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.5) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5E44903-EE08-4B97-9A0F-08E2E1AAACF5}" = PowerXpressHybrid
"{BB531F76-F03F-B6DC-B740-830B46A60616}" = Catalyst Control Center Profiles Mobile
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7755E3B-57EF-ADF8-A112-85C14D0388D0}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2643DB8-3102-A67F-E1C0-4292FACC3637}" = CCC Help Portuguese
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF86FC7A-4065-D2D2-99FB-E86E8CB9D64E}" = CCC Help Korean
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBEA3B88-360E-858B-53F5-1948FF0466D9}" = CCC Help German
"{ED18994D-D12A-CD81-D1B9-C8844B5654BB}" = CCC Help Chinese Standard
"{ED3264CD-DF55-ECEE-9ED6-C85BAD78512F}" = CCC Help Finnish
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F13E6A6E-95B7-0352-2292-AAADF81FC560}" = CCC Help English
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE6DCC8D-427F-405C-A779-C93B6D9F77A5}" = Autodesk Civil View for 3ds Max Design 2013
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Navisworks 2013 32 bit Exporter Plug-ins" = Autodesk Navisworks 2013 32 bit Exporter Plug-ins
"Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch" = Autodesk Navisworks 2013 32-Bit-Exportmodul-Plugins Language Pack - Deutsch
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviraSpeedup" = Avira System Speedup
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Dell Webcam Central" = Dell Webcam Central
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"ProInst" = Intel PROSet Wireless
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.01.2013 08:56:55 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
2013\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 11.01.2013 05:30:17 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
Error - 12.01.2013 05:25:22 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.01.2013 10:05:42 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
2013\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.01.2013 04:34:40 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2013 16:40:17 | Computer Name = Dell-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.01.2013 13:41:18 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
2013\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 05.02.2013 09:58:58 | Computer Name = Dell-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: STacSV64.exe, Version: 1.0.6365.0,
Zeitstempel: 0x4e68a05a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc000000d Fehleroffset: 0x00000000000737e2
ID
des fehlerhaften Prozesses: 0x1b8 Startzeit der fehlerhaften Anwendung: 0x01cdf5bbee4eb11f
Pfad
der fehlerhaften Anwendung: C:\Program Files\IDT\WDM\STacSV64.exe Pfad des fehlerhaften
Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 2f82b63b-6f9c-11e2-a51e-4ceb4294832d
Error - 06.02.2013 09:23:10 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
2013\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 06.02.2013 14:40:45 | Computer Name = Dell-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\Composite
2013\python\lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung
"Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 09.03.2013 10:45:50 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
Error - 09.03.2013 17:36:27 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
Error - 10.03.2013 15:30:03 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
Error - 13.03.2013 12:06:36 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
Error - 14.03.2013 15:51:11 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
Error - 17.03.2013 14:39:52 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 22.03.2013 11:25:03 | Computer Name = Dell-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 23.03.2013 08:51:55 | Computer Name = Dell-PC | Source = DCOM | ID = 10005
Description =
Error - 23.03.2013 08:51:55 | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%109
Error - 25.03.2013 04:40:08 | Computer Name = Dell-PC | Source = DCOM | ID = 10010
Description =
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-22 17:15:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF3O 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Dell\AppData\Local\Temp\pxldapod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031b2000 45 bytes [00, 00, BD, 00, 46, 69, 6C, ...]
INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031b202f 17 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2044] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75]
.text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[2044] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75]
.text ... * 2
.text C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75]
.text C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe[2228] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753a1465 2 bytes [3A, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[2876] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753a14bb 2 bytes [3A, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4840:4412] 000007fefc292a7c
Thread C:\windows\System32\svchost.exe [5616:5696] 000007fee9f29688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d@e8cba1465d59 0xE0 0x3D 0x79 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb4294832d@5cff353fb196 0x41 0xC5 0xBE 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d@e8cba1465d59 0xE0 0x3D 0x79 0xD0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb4294832d@5cff353fb196 0x41 0xC5 0xBE 0x8F ...
---- EOF - GMER 2.1 ----
Vielen Dank vorab |
| Themen zu Zip Anhang mit TR/Roque.957311 geöffnet |
| 32 bit, antivir, autorun, avira, bho, converter, error, fehler, firefox, flash player, format, helper, home, igdpmd64.sys, install.exe, logfile, monitor.exe, mozilla, mp3, ntdll.dll, plug-in, realtek, registry, rundll, scan, software, spam, svchost.exe, system, usb, windows |
Baum-Darstellung