|
Log-Analyse und Auswertung: 100 Tan Abfrage Commerzbank windows 8Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.04.2013, 12:59 | #1 |
| 100 Tan Abfrage Commerzbank windows 8 Guten Tag, ich bin neu hier im Forum und habe gelesen, daß ich in Bezug auf das o.g. Thema nicht die Anweisungen anderer Betroffener kopieren soll sondern nochmals direkt fragen soll, zumal mir viele Erklärungen recht schwierig vorkommen. Ich hatte heute eben auch die Aufforderung der 100 Tan-Abfrage, habe daraufhin meinen Zugang sperren lassen. MacAffee gbt an keine Probleme zu haben, aber dies bedeutet wohl nicht viel. Kann mir jemand helfen, was kann ich tun um eine Formatierung zu umgehen? Vielen Dank. BritaOTL Logfile: Code:
ATTFilter OTL logfile created on: 24.04.2013 14:06:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brita\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,94 Gb Available Physical Memory | 75,14% Memory free 15,90 Gb Paging File | 13,49 Gb Available in Paging File | 84,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 911,66 Gb Total Space | 843,27 Gb Free Space | 92,50% Space Free | Partition Type: NTFS Computer Name: BRITA-PC | User Name: Brita | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.24 14:06:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brita\Downloads\OTL (1).exe PRC - [2013.04.24 10:05:46 | 000,072,704 | ---- | M] () -- C:\Users\Brita\AppData\Roaming\ie_util.exe PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Brita\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.03.07 05:31:03 | 000,247,808 | ---- | M] () -- C:\Users\Brita\AppData\Roaming\Otuws\yraw.exe PRC - [2013.01.10 11:02:16 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.01.10 11:02:12 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.01.10 11:02:08 | 001,475,952 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.18 03:10:18 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe PRC - [2012.10.09 10:22:48 | 000,187,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe PRC - [2012.05.18 10:36:46 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\SA3\CxUtilSvc.exe PRC - [2012.03.11 00:55:02 | 000,150,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe PRC - [2012.03.07 00:28:30 | 000,577,024 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2012.02.16 19:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2012.02.01 23:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 23:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2012.01.27 23:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2012.01.27 04:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2012.01.27 04:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2012.01.21 18:35:24 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.01.21 18:35:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.06.29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe PRC - [2010.09.30 10:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.04.24 10:05:46 | 000,072,704 | ---- | M] () -- C:\Users\Brita\AppData\Roaming\ie_util.exe MOD - [2013.04.01 08:39:50 | 006,998,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\0247de206c1c48ac4f8b55df16468405\System.Core.ni.dll MOD - [2013.04.01 08:39:31 | 009,937,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\a7811936e59aaee26b1d9d467174d6d4\System.ni.dll MOD - [2013.04.01 08:39:17 | 016,544,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\374a0cc6603f58864831897ef723bd4a\mscorlib.ni.dll MOD - [2013.03.07 05:31:03 | 000,247,808 | ---- | M] () -- C:\Users\Brita\AppData\Roaming\Otuws\yraw.exe MOD - [2013.02.17 09:08:24 | 011,843,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\514763136e7ea4730f5fb8120b6bbb30\System.Web.ni.dll MOD - [2013.02.17 09:08:12 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll MOD - [2013.02.17 09:07:56 | 000,220,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\1f3dbc5b0a874bf49a4559e71274f8ba\System.ServiceProcess.ni.dll MOD - [2013.01.26 10:19:37 | 001,880,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\f641b786d36d1cc5a5531a746c96ce1b\System.Xaml.ni.dll MOD - [2013.01.26 10:19:10 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\bbebe831e3b0761ad47dcc09231cbc29\System.Runtime.Remoting.ni.dll MOD - [2013.01.26 10:18:50 | 018,542,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\8347ac8367f91309fa888d79a54c7450\PresentationFramework.ni.dll MOD - [2013.01.26 10:18:37 | 010,926,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\1c7f4533b2b24c10a628793a8b93e1a7\PresentationCore.ni.dll MOD - [2013.01.26 10:18:27 | 003,910,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\15cc4fff434f274c1f6ab56a385dcb54\WindowsBase.ni.dll MOD - [2013.01.26 10:18:20 | 007,561,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e1ec8b9a6d4f9af9d6065c4187fb1b5f\System.Xml.ni.dll MOD - [2013.01.26 10:18:16 | 000,958,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\05cc6faa6704d01e78700561b22937e3\System.Configuration.ni.dll MOD - [2013.01.12 12:08:10 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d3edce503ff7e862db8dfee91d4bfb79\IAStorCommon.ni.dll MOD - [2013.01.12 12:07:57 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\fe30f9017b763714b1372d77204cd3d0\System.Transactions.ni.dll MOD - [2013.01.12 12:07:52 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e2f7dbe3bf08df200a4cdcf2e0eb82fa\System.Runtime.Remoting.ni.dll MOD - [2013.01.12 12:07:52 | 000,488,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7bf30f7cd515481c33bdfbe81806a834\IAStorUtil.ni.dll MOD - [2013.01.12 12:07:47 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll MOD - [2013.01.12 12:07:41 | 002,297,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\fb048f69c5b71baf063604bd1724b078\System.Core.ni.dll MOD - [2013.01.12 11:59:31 | 005,453,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll MOD - [2013.01.12 11:59:23 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll MOD - [2013.01.12 11:59:17 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9ef15bfde4d664e24a6c6886e8fb03eb\PresentationFramework.Aero.ni.dll MOD - [2013.01.12 11:59:16 | 014,344,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e07f712f0af54ae2a9ad237baa4c54b3\PresentationFramework.ni.dll MOD - [2013.01.12 11:59:07 | 012,240,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\552e0b1cffc85b2d7bb8f202dbf6b58f\PresentationCore.ni.dll MOD - [2013.01.12 11:58:59 | 003,349,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\24cc53e26c02f2d0dbb139045428ef76\WindowsBase.ni.dll MOD - [2013.01.12 11:58:57 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll MOD - [2013.01.12 11:58:53 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll MOD - [2012.10.10 03:35:25 | 005,992,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll MOD - [2012.10.10 03:35:25 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll MOD - [2012.10.10 03:35:25 | 000,446,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll MOD - [2012.10.10 03:35:25 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll MOD - [2012.09.28 23:41:48 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.09.14 00:04:06 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2012.07.06 04:01:14 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012.07.06 04:01:02 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll MOD - [2012.07.06 04:01:00 | 000,569,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll MOD - [2012.07.06 04:01:00 | 000,507,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll MOD - [2012.01.27 04:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011.06.29 15:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013.02.19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013.02.19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013.02.19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2012.08.31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\virusscan\mcods.exe -- (McODS) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.09 10:22:48 | 000,187,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery) SRV - [2012.10.06 01:12:10 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.08.04 12:16:42 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2012.05.18 10:36:46 | 000,109,184 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Programme\CONEXANT\SA3\CxUtilSvc.exe -- (CxUtilSvc) SRV - [2012.02.16 19:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2012.02.01 23:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2012.01.21 18:35:24 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.01.21 18:35:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.01.11 04:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.12.08 17:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2011.12.08 17:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011.12.08 17:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.12.08 17:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.12.05 16:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.12.05 15:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2011.03.09 00:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\mcafee\msc\McAWFwk.exe -- (McAWFwk) SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.30 10:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013.03.02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013.02.19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013.02.19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2013.02.19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013.02.19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013.02.19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013.02.19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2013.02.19 14:40:52 | 000,069,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.06 01:12:34 | 009,004,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 06:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 06:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid) DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr) DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.26 00:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.06.29 04:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.06.02 16:31:47 | 011,400,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwNe64.sys -- (NETwNe64) DRV:64bit: - [2012.05.18 10:36:44 | 001,604,736 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012.04.20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012.03.21 18:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2012.03.14 12:42:50 | 000,201,008 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.02.13 16:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2012.02.02 01:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.02.01 19:59:38 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.12.06 00:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.29 19:36:22 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.11.11 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.06.16 21:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2006.11.01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{A491393E-F974-436F-B6DF-955B6D8F2C3F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{A491393E-F974-436F-B6DF-955B6D8F2C3F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {44D7AAAC-46C5-40FD-82C8-A0DB52549D45} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{44D7AAAC-46C5-40FD-82C8-A0DB52549D45}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE9SRC IE - HKCU\..\SearchScopes\{EEB4B86F-9E81-4CC7-805A-0E9F574698BE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=D3286314-6D94-48BF-8509-5139EAFE377F&apn_sauid=C8D7657D-857E-429B-B00E-FD5FB91A3069 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.03.09 11:30:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.12.26 14:18:12 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: CHR - Extension: Google Drive = C:\Users\Brita\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\Brita\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Brita\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Brita\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20121024114405.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121024114405.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe () O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [IExplorer Util] C:\Users\Brita\AppData\Roaming\ie_util.exe () O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [Punoockayn] C:\Users\Brita\AppData\Roaming\Otuws\yraw.exe () O4 - Startup: C:\Users\Brita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Brita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CAFF706-764A-4FB6-9F46-84B67134290E}: NameServer = 217.0.43.193 217.0.43.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3C395E-C03A-4C7C-9CFF-BA31479E6177}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.24 13:23:56 | 000,000,000 | ---D | C] -- C:\Users\Brita\AppData\Roaming\SpeedMaxPc [2013.04.24 13:23:56 | 000,000,000 | ---D | C] -- C:\Users\Brita\AppData\Roaming\DriverCure [2013.04.24 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\Brita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedMaxPc [2013.04.24 13:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedMaxPc [2013.04.24 13:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc [2013.04.24 13:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedMaxPc [2013.04.24 13:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.04.24 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\Brita\Documents\Simply Super Software [2013.04.24 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\Brita\AppData\Roaming\Simply Super Software [2013.04.24 12:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.04.24 12:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2013.04.24 12:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.04.24 10:04:40 | 000,000,000 | ---D | C] -- C:\Users\Brita\AppData\Roaming\Qyugdo [2013.04.24 10:04:40 | 000,000,000 | ---D | C] -- C:\Users\Brita\AppData\Roaming\Otuws [2013.04.24 10:04:40 | 000,000,000 | ---D | C] -- C:\Users\Brita\AppData\Roaming\Abuke [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.24 13:59:00 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.04.24 13:59:00 | 000,001,122 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.04.24 13:48:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.24 13:39:37 | 000,000,000 | ---- | M] () -- C:\Users\Brita\defogger_reenable [2013.04.24 13:24:02 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job [2013.04.24 13:23:45 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job [2013.04.24 13:23:45 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\SpeedMaxPc.job [2013.04.24 13:08:03 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.24 13:05:52 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.24 13:05:45 | 2070,687,743 | -HS- | M] () -- C:\hiberfil.sys [2013.04.24 10:05:46 | 000,072,704 | ---- | M] () -- C:\Users\Brita\AppData\Roaming\ie_util.exe [2013.04.23 08:02:16 | 001,892,708 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013.04.23 08:02:16 | 000,808,702 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2013.04.23 08:02:16 | 000,756,940 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013.04.23 08:02:16 | 000,179,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2013.04.23 08:02:16 | 000,151,048 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013.04.20 17:10:11 | 000,423,664 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.03.30 15:49:49 | 000,001,013 | ---- | M] () -- C:\Users\Brita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.30 15:49:45 | 000,000,981 | ---- | M] () -- C:\Users\Brita\Desktop\Dropbox.lnk [2013.03.26 09:14:18 | 000,140,344 | ---- | M] () -- C:\Users\Brita\Documents\PDF_Rechnung_M211130067774183_03-2013.pdf [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.24 13:39:37 | 000,000,000 | ---- | C] () -- C:\Users\Brita\defogger_reenable [2013.04.24 13:24:01 | 000,000,482 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Registration3.job [2013.04.24 13:23:45 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc Update3.job [2013.04.24 13:23:45 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\SpeedMaxPc.job [2013.04.24 10:05:47 | 000,072,704 | ---- | C] () -- C:\Users\Brita\AppData\Roaming\ie_util.exe [2013.04.20 17:09:37 | 000,423,664 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.04.12 16:32:24 | 000,387,867 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2013.03.26 09:14:18 | 000,140,344 | ---- | C] () -- C:\Users\Brita\Documents\PDF_Rechnung_M211130067774183_03-2013.pdf [2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll [2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll [2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll [2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll [2012.10.31 13:08:09 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2012.10.06 01:12:28 | 000,598,780 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin [2012.10.06 01:12:22 | 000,755,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin [2012.10.06 01:12:10 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2012.08.04 12:32:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012.08.04 12:30:56 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblup.dat [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2012.03.26 10:52:28 | 000,054,784 | ---- | C] () -- C:\WINDOWS\SysWow64\OVDecode.dll [2012.01.31 14:00:24 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll [2012.01.11 03:39:16 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2012.11.04 08:38:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.24 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\Abuke [2013.04.24 13:23:56 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\DriverCure [2013.04.24 13:09:16 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\Dropbox [2012.10.30 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\Fingertapps [2013.04.24 10:04:40 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\Otuws [2013.04.24 10:04:40 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\Qyugdo [2013.01.30 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\Samsung [2013.04.24 12:49:48 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\Simply Super Software [2013.04.24 13:23:56 | 000,000,000 | ---D | M] -- C:\Users\Brita\AppData\Roaming\SpeedMaxPc ========== Purity Check ========== < End of report > extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.04.2013 14:06:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brita\Downloads 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,94 Gb Available Physical Memory | 75,14% Memory free 15,90 Gb Paging File | 13,49 Gb Available in Paging File | 84,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 911,66 Gb Total Space | 843,27 Gb Free Space | 92,50% Space Free | Partition Type: NTFS Computer Name: BRITA-PC | User Name: Brita | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AB4567-8126-4973-8B63-0F690FB84F75}" = rport=137 | protocol=17 | dir=out | app=system | "{1A639431-17FA-4F92-BD91-F296CB456751}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{25A3602F-54EB-4249-BA6A-391F3EF1DCC1}" = lport=139 | protocol=6 | dir=in | app=system | "{2B70A042-8E0D-413D-839E-243C03FD0E4D}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 | "{33851B7A-CB0F-4B63-9C67-59BA2576F02F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4AA82668-36C7-46C1-A3BE-320B19AFDDA4}" = lport=138 | protocol=17 | dir=in | app=system | "{4ED647B0-6DB6-4537-A62B-6B723AF5B96E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{562A04D5-28F8-4BC8-BB81-1F45500EA962}" = rport=139 | protocol=6 | dir=out | app=system | "{70775E7D-20E3-4A03-85BB-4135E2CB4037}" = rport=445 | protocol=6 | dir=out | app=system | "{7A2E50D4-6FA0-4A4E-A5ED-775055CD8899}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{804C48C3-7E4B-45CE-B0BF-3E6134904DE3}" = lport=137 | protocol=17 | dir=in | app=system | "{A7148765-184F-4D57-B747-A6E24D5E1F54}" = lport=445 | protocol=6 | dir=in | app=system | "{A743E115-644F-43B7-B97B-487AECAE2C7A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B2C7D3E9-5CD6-453A-8994-73649A9B4216}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{B6C7F0F1-F0E4-4C42-A708-36C1AFCDDF01}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 | "{D9CC840A-B5F2-4729-AB59-204B7730255B}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 | "{DBFD262E-04F0-4E29-80C2-D146EB644BE0}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 | "{E62F4408-89EC-47C3-B9EE-A4F2A8C43F2D}" = rport=138 | protocol=17 | dir=out | app=system | "{F6FD83B4-9474-4415-8AAB-B0172344AACD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02BEFFC4-44C3-4CB0-BA31-0DBF65669F0C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{0607E6AB-1AB5-4CDF-B56E-71E750F43F49}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{147EA57C-92C5-4D86-837A-4491F5D0474F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1D924A96-4F08-4A1A-B5CC-00C124BEBC5C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{205E7A48-3D07-4334-B677-75F614352F10}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{25B653E7-FF49-4D3A-9144-DBE6F999C7A5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{29365E0B-2E92-48F1-99A8-784CC0B99DE4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{2F650722-4207-4D1B-AB72-6ABEAF94DA18}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{3021B851-8163-48A7-B4F8-414DA9A55241}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{33BB1D14-7A4A-43E7-94DC-509BF679056E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3CC56CFB-A99B-422D-B020-374B3A7F386F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3F9A0F8B-EEB0-41AB-B0EA-F90A2B316AF3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{418E0A3C-DE79-4DFC-8C52-BAE8E51153B9}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{41E4987A-EBF2-467B-A60A-A834EAFF188A}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{41F1DC2A-16BF-40F4-8D7A-02A92A733801}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{43CDCC28-0E09-45CB-A612-683E45398A49}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{4D4C5D0C-2383-4542-ACD4-DF83EEB4CD87}" = protocol=17 | dir=in | app=c:\users\brita\appdata\roaming\dropbox\bin\dropbox.exe | "{4E23B682-1647-423E-AE77-46590BFF3DFB}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{4F63C3B5-E60C-463E-B91A-64B5B240F777}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | "{51E33313-77A4-4A0A-A5E8-2681F0EA83ED}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{55415CDB-7A82-4E95-B59F-6F87160F34A7}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{5FDE0841-A0C8-4F0B-A84F-68B53C94FFB4}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{625FDD67-5A2E-4F33-BA5D-F4FD188FE9BF}" = protocol=6 | dir=in | app=c:\users\brita\appdata\roaming\dropbox\bin\dropbox.exe | "{66CA2FB8-749E-461D-8483-9EAADDC38564}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{699F8F19-0F1B-468F-85AF-82D4798613BC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{6A7ADB22-4A53-4ED0-8BA3-328F58EDAAB4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{712D68F8-FC4A-4D2C-B95F-0B046AC9763C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7759C1A8-E7EA-465C-9C23-6AF789682EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe | "{7AFB09D9-2A0F-4C5C-9731-D4DAD2FAA7E7}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | "{7C540395-3155-4300-8A34-13B8806FC5EC}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{7D475D2C-B62F-4D0A-9BAD-21E1FED55011}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{925F4F7B-0E1E-4A3A-B1CB-405FCDB2E371}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe | "{95192C91-23F6-4378-B770-2B5E6A923232}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe | "{9712EF45-2EEE-45C1-B7A6-F1CAA57BE2AA}" = protocol=17 | dir=in | app=c:\users\brita\appdata\roaming\dropbox\bin\dropbox.exe | "{9C01FE16-3544-4FC4-892D-4E2279758EC0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9D805B3A-3115-4B07-8D04-6264CD61A0E9}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{A36FA7AD-91DC-4348-9CC2-6C524241BEA0}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{A9010E86-15E7-461C-8AC7-27E12096C597}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{A91CE6FB-05A1-47D3-AF0F-91AA50EE83C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A923A0B8-0A64-4986-92EC-181DBF0E3590}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{ACBE1F29-2ABE-4A44-8790-30FA7D8FFCCE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B29CE53D-8A83-48EC-B7AA-40E3BDF31BE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B8B17767-1F9F-45F0-8F27-8D3E31F8F277}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{BAAD12F0-A8B0-4DC6-BB2B-12B8A16B5E5D}" = protocol=6 | dir=in | app=c:\users\brita\appdata\roaming\dropbox\bin\dropbox.exe | "{BC53777F-E9C6-491B-8D8B-90700154A3FA}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{CA390007-0C7B-4B17-8761-5F5DD75727EF}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{D5822571-0C93-406C-A451-811CFCA3D972}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe | "{DAAD9689-64E6-4DA3-93E2-92B062D49826}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{E09AE48C-E15E-42E9-A565-AEC6BD5AD4BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E2CA8FFA-A973-4BD0-89F2-8B0224BA00BA}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{E76D6531-3796-4BF9-92A6-0A3A4AA84CF0}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8A4E272-F59B-4E22-B00D-EA88F9A47EFE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe | "{F92A1AED-CC0A-44DF-B640-EBA431353D4D}" = dir=out | name=windows_ie_ac_001 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display "{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client "{5D8648DD-7BF1-96C9-975D-F3BE6F41DFBA}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{678979BB-E9FC-A8C8-63FD-2EC2E48BECFF}" = AMD AVIVO64 Codecs "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{CBF9DE49-4705-36D5-F40F-3939E38F5D71}" = AMD Accelerated Video Transcoding "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D219E54B-AC0F-E3E8-AA62-DF563A20696E}" = AMD Catalyst Install Manager "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi-Software "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "cMaxxPreset" = Conexant Maxx Preset "CNXT_AUDIO_HDA" = Conexant SmartAudio HD "Dell Support Center" = Dell Support Center "Elantech" = Dell Touchpad "ProInst" = Intel PROSet Wireless "SA3" = Dell Audio [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1341F917-C3E5-413E-A11C-AA58273843C4}" = SpeedMaxPc "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1D4EE8FE-F31C-4258-9360-5B8B8309B14B}" = Adobe Premiere Elements 9 Content "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EEAFF54-E1A1-4E76-6B8F-94D077537383}" = CCC Help Spanish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37AB0223-AF54-49C5-92AA-BFC9648CD323}" = Adobe Premiere Elements 9 HD Content 3 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3CBBE028-978B-4876-ABC1-EF9ED6C20C4E}" = Adobe Premiere Elements 9 Content 2 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E668045-01FA-C8C0-9CFB-E14D158DA244}" = CCC Help Chinese Standard "{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{44A5966D-2340-C22D-4F24-E7D9BD05BFF2}" = CCC Help Japanese "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection "{50405301-8163-4EB2-409D-C79B4DAE6B67}" = Catalyst Control Center "{50D90C59-4F5C-48BC-AFB2-38475412F0CA}" = Adobe Premiere Elements 9 Content 1 "{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{53A321FB-2740-DC24-1A13-2C764B5CBFE0}" = CCC Help Swedish "{54B846C0-7D87-063A-5570-DEA031A3280F}" = CCC Help Portuguese "{5F9AAF4A-B9B0-489D-AE67-73470A4714FE}" = Adobe Premiere Elements 9 HD Content 1 "{61C559D2-5039-4970-A42C-EDD50E23943C}" = Catalyst Control Center - Branding "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7AA85983-85AA-A5D4-3194-084C0B8B04E2}" = CCC Help Danish "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7DDC3624-C631-49D1-B281-82EC3A27AA7C}" = Adobe Premiere Elements 9 Content 3 "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel(R) WiDi "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9427E9F4-3C7C-A8D5-B61E-F41F452121DB}" = CCC Help Norwegian "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97C8DB88-7241-4101-93BF-52E355CBB671}" = CCC Help Dutch "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C516C08-FAA5-4650-46E0-57F6BC2D1196}" = CCC Help Russian "{9CBD1CFF-980C-2EB2-8D36-3E28F3EB39C0}" = CCC Help Italian "{9D4026D4-B292-3C3E-93B4-D490F298AE74}" = CCC Help German "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player "{A420599B-011E-B5CB-9D9E-96DB8C70E21D}" = Catalyst Control Center Localization All "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC313587-CD54-62B3-C75F-FB7BE6FEE652}" = Catalyst Control Center Profiles Mobile "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote "{AFEA34C5-3D2C-4A67-71A9-2D1F23DC5835}" = CCC Help Finnish "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C00D8A72-21D9-38FE-7C59-213CBA54C49A}" = Catalyst Control Center InstallProxy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0EDFF5D-95EF-BA19-AE58-661628E6DDB9}" = PX Profile Update "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E240C78D-8F35-456A-8876-15FF6901B7E0}" = Adobe Premiere Elements 9 HD Content 2 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E2EA5E0A-D322-E878-C0F6-011DD829E54A}" = CCC Help Chinese Traditional "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9 "{EDD0B5FD-2CDE-3C0A-372D-625CD4960DEB}" = CCC Help French "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F086BC41-1324-EC75-1BAA-6636D1C66F20}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2BB9FB8-37B5-969D-ACBB-C208D29E6F2B}" = CCC Help Korean "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Adobe Premiere Elements 9 Content" = Adobe Premiere Elements 9 Content "Adobe Premiere Elements 9 Content 1" = Adobe Premiere Elements 9 Content 1 "Adobe Premiere Elements 9 Content 2" = Adobe Premiere Elements 9 Content 2 "Adobe Premiere Elements 9 Content 3" = Adobe Premiere Elements 9 Content 3 "Adobe Premiere Elements 9 HD Content 1" = Adobe Premiere Elements 9 HD Content 1 "Adobe Premiere Elements 9 HD Content 2" = Adobe Premiere Elements 9 HD Content 2 "Adobe Premiere Elements 9 HD Content 3" = Adobe Premiere Elements 9 HD Content 3 "Advanced Audio FX Engine" = Advanced Audio FX Engine "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Dell Webcam Central" = Dell Webcam Central "Google Chrome" = Google Chrome "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "MSC" = McAfee SecurityCenter "Office14.SingleImage" = Microsoft Office Home and Business 2010 "PremElem90" = Adobe Premiere Elements 9 "Trojan Remover_is1" = Trojan Remover 6.8.5 "WildTangent dell Master Uninstall" = WildTangent-Spiele "WinLiveSuite" = Windows Live Essentials "WT089409" = Bejeweled 2 Deluxe "WT089411" = Build-a-lot 2 "WT089412" = Cake Mania "WT089413" = Chuzzle Deluxe "WT089414" = Diner Dash 2 Restaurant Rescue "WT089415" = Dora's World Adventure "WT089418" = FATE "WT089420" = Jewel Quest "WT089422" = Jewel Quest Solitaire 2 "WT089433" = Polar Golfer "WT089434" = Escape Whisper Valley (TM) "WT089440" = Namco All-Stars PAC-MAN "WT089444" = Final Drive Nitro "WT089445" = Penguins! "WT089446" = Wedding Dash - Ready, Aim, Love! "WT089448" = Zuma Deluxe "WT089450" = Farm Frenzy "WT089452" = Plants vs. Zombies - Game of the Year "WT089499" = Final Drive Fury "WT089503" = Samantha Swift "WT089507" = Luxor "WT089508" = Polar Bowler "ZinioReader4" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.04.2013 04:22:56 | Computer Name = Brita-PC | Source = ESENT | ID = 490 Description = taskhostex (10108) WebCacheLocal: Versuch, Datei "C:\Users\Brita\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 07.04.2013 04:22:56 | Computer Name = Brita-PC | Source = ESENT | ID = 439 Description = taskhostex (10108) WebCacheLocal: Die Shadowkopfzeile für Datei C:\Users\Brita\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat konnte nicht geschrieben werden. Fehler -1032. Error - 07.04.2013 04:22:56 | Computer Name = Brita-PC | Source = ESENT | ID = 454 Description = taskhostex (10108) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf. Error - 07.04.2013 04:23:06 | Computer Name = Brita-PC | Source = ESENT | ID = 490 Description = taskhostex (10108) WebCacheLocal: Versuch, Datei "C:\Users\Brita\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 07.04.2013 04:23:06 | Computer Name = Brita-PC | Source = ESENT | ID = 439 Description = taskhostex (10108) WebCacheLocal: Die Shadowkopfzeile für Datei C:\Users\Brita\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat konnte nicht geschrieben werden. Fehler -1032. Error - 07.04.2013 04:23:06 | Computer Name = Brita-PC | Source = ESENT | ID = 454 Description = taskhostex (10108) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf. Error - 07.04.2013 04:23:16 | Computer Name = Brita-PC | Source = ESENT | ID = 490 Description = taskhostex (10108) WebCacheLocal: Versuch, Datei "C:\Users\Brita\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 07.04.2013 04:23:16 | Computer Name = Brita-PC | Source = ESENT | ID = 439 Description = taskhostex (10108) WebCacheLocal: Die Shadowkopfzeile für Datei C:\Users\Brita\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat konnte nicht geschrieben werden. Fehler -1032. Error - 07.04.2013 04:23:16 | Computer Name = Brita-PC | Source = ESENT | ID = 454 Description = taskhostex (10108) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -1032 auf. Error - 07.04.2013 06:26:12 | Computer Name = Brita-PC | Source = Application Hang | ID = 1002 Description = Programm IEXPLORE.EXE, Version 10.0.9200.16519 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e4c Startzeit: 01ce337a3e87e436 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: 8bf82f14-9f6d-11e2-be96-685d43eaef10 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 08.04.2013 14:11:25 | Computer Name = Brita-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: StageRemote.exe, Version: 2.0.0.43, Zeitstempel: 0x4e086589 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420, Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00061206 ID des fehlerhaften Prozesses: 0x1298 Startzeit der fehlerhaften Anwendung: 0x01ce34844b5c7faa Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: b91a79a6-a077-11e2-be98-685d43eaef10 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ Dell Events ] Error - 24.10.2012 09:01:54 | Computer Name = Brita-PC | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 24.10.2012 09:03:02 | Computer Name = Brita-PC | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 24.10.2012 09:45:53 | Computer Name = Brita-PC | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 24.10.2012 10:00:52 | Computer Name = Brita-PC | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen [ System Events ] Error - 30.03.2013 12:34:17 | Computer Name = Brita-PC | Source = BTHUSB | ID = 327710 Description = Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert. Error - 01.04.2013 02:39:17 | Computer Name = Brita-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Storage Controller - Intel(R) 7 Series Chipset Family SATA AHCI Controller Error - 01.04.2013 04:06:16 | Computer Name = Brita-PC | Source = BTHUSB | ID = 327710 Description = Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert. Error - 01.04.2013 13:10:14 | Computer Name = Brita-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 02.04.2013 03:27:01 | Computer Name = Brita-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Storage Controller - Intel(R) 7 Series Chipset Family SATA AHCI Controller Error - 02.04.2013 03:54:29 | Computer Name = Brita-PC | Source = Ntfs | ID = 55 Description = In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung erkannt. In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden. Die Dateireferenznummer ist 0x100000002a57f. Der Name der Datei ist "\Windows\servicing\Packages". Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION". Error - 03.04.2013 03:17:25 | Computer Name = Brita-PC | Source = DCOM | ID = 10010 Description = Error - 03.04.2013 03:17:25 | Computer Name = Brita-PC | Source = DCOM | ID = 10010 Description = Error - 03.04.2013 03:18:26 | Computer Name = Brita-PC | Source = BTHUSB | ID = 327710 Description = Der lokale Adapter bietet keine Unterstützung für einen wichtigen Controllerstatus für energiearme Geräte. Die mindestens erforderliche unterstützte Statusmaske ist "0x1f7fffff", vorhanden ist jedoch "0x1f3fffff". Die Funktionalität für energiearme Geräte wird deaktiviert. Error - 04.04.2013 04:33:36 | Computer Name = Brita-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: Intel Corporation - Storage Controller - Intel(R) 7 Series Chipset Family SATA AHCI Controller < End of report > Geändert von ninnibaer (24.04.2013 um 13:18 Uhr) |
24.04.2013, 14:21 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 100 Tan Abfrage Commerzbank windows 8 Hallo und
__________________Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten! Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
Themen zu 100 Tan Abfrage Commerzbank windows 8 |
abfrage, adobe reader xi, anderer, aufforderung, betroffener, bingbar, diner dash, direkt, formatierung, forum, frage, fragen, gen, guten, heute, install.exe, kopieren, neu, nochmals, ntdll.dll, plug-in, probleme, recht, sperre, sperren, super, tan, tan-abfrage, thema, umgehen, unerwarteter fehler, wildtangent games, windows, wscript.exe, zugang |