| |
| |||||||
Log-Analyse und Auswertung: Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.05.2013, 21:20
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.05.2013, 21:37
| #17 |
 | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Hier der JRT:
__________________JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Andree Bohlmann on 12.05.2013 at 22:25:12,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] sprotection
Successfully deleted: [Service] sprotection
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminent
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iminentmessenger
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotect
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3978098729-3601256905-1607446451-1002\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\babylonhelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\performersoft llc
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Umbrella
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\iminent.webbooster.internetexplorer.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.downloadargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.linktopromoteargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.rawdataargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.tinyurlargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.virallinkargs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.clientcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.contractbase
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.addtousercontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.cleancachecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.gameovercallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getcreditcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatuscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatusresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariablecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariableresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.installationcontextresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logincommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logoutcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.mergeidentitycommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.myaccountcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.playcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.postcontentcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.recycleviewscommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.setvariablecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.testcontentcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.variablechangedcallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.warmupcommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.welcomecommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.servercommand
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.serverresult
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lightcontent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lighturi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.mediatorserviceproxy
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.activecontenthandle.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.activecontenthandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.tinyurlhandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.tinyurlhandler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\482aa67ad25e6e74e9f48bd5fbe8533c
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3176921
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB3E77BA-7FA7-40C5-AB20-63AED43A8588}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\iminent"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\xxxxx\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\xxxxx\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\xxxxx\AppData\Roaming\iminent"
Successfully deleted: [Folder] "C:\Users\xxxxx\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\xxxxx\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\xxxxx\appdata\local\downtango"
Successfully deleted: [Folder] "C:\Users\xxxxx\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\xxxxx\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\xxxxx\appdata\locallow\delta"
Successfully deleted: [Folder] "C:\Users\xxxxx\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Failed to delete: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\umbrella"
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{1218D41A-0062-4431-B4F7-33EB3F4D6918}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{2756CE8C-54CC-4E7A-BCE8-A1DCFD8D52F4}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{46B1DB13-8D2D-42D5-A512-5964BC734E0F}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{55148304-36F3-44BE-B82D-C9EDA6A9E8E5}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{60E4A3EE-68A7-40BC-8D9A-02795AC01F59}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{6BA61A77-9B69-47F7-AE69-828FE2EBF47E}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{79403B5A-2463-46AD-A362-6450EDD46A91}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{7CF5A000-4489-4987-89B8-931D2C8850DF}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{9241A30C-F0EB-44CB-9D92-206EFF023AEF}
Successfully deleted: [Empty Folder] C:\Users\xxxxx\appdata\local\{A6F9F865-F812-48C7-98AB-FA5C0FE56757}
~~~ FireFox
Successfully deleted: [File] C:\Users\xxxxx\AppData\Roaming\mozilla\firefox\profiles\qbbxfhhi.default\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\ocr@babylon.com
Emptied folder: C:\Users\xxxxx\AppData\Roaming\mozilla\firefox\profiles\qbbxfhhi.default\minidumps [5 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.05.2013 at 22:30:04,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[/CODE] jetzt der adwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.300 - Datei am 12/05/2013 um 22:39:48 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxxxx - MYLAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxxxx\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Gophoto.it
Ordner Gelöscht : C:\Program Files (x86)\hdvidcodec.com
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\SearchProtect
Schlüssel Gelöscht : HKCU\Software\a53dcd8b335b842
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\F496E1F70881F5D4DB720A0D5A738946
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\F496E1F70881F5D4DB720A0D5A738946
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\a53dcd8b335b842
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F1E694F-1880-4D5F-BD27-A0D0A5379864}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\qbbxfhhi.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Andree Bohlmann\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [15051 octets] - [08/03/2013 23:26:53]
AdwCleaner[S1].txt - [14650 octets] - [08/03/2013 23:27:52]
AdwCleaner[S2].txt - [30662 octets] - [12/05/2013 22:39:48]
########## EOF - C:\AdwCleaner[S2].txt - [30723 octets] ##########
[/CODE] |
|
12.05.2013, 21:50
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Was ist mit OTL?
__________________
__________________ |
|
12.05.2013, 22:15
| #19 |
| | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Und noch OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.05.2013 22:49:17 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxxx\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 49,70% Memory free 7,83 Gb Paging File | 5,53 Gb Available in Paging File | 70,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 189,33 Gb Free Space | 42,44% Space Free | Partition Type: NTFS Drive D: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MYLAPTOP | User Name: xxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.09 13:45:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Downloads\OTL.exe PRC - [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.02 17:15:44 | 000,181,360 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe PRC - [2012.11.19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010.11.17 17:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2010.10.01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe PRC - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (No Company Name) ========== MOD - [2013.04.10 08:56:55 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Andree Bohlmann\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.14 04:29:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 07:10:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.01.10 06:46:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 06:46:22 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.01.10 06:46:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 06:46:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.01.10 06:45:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 06:45:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 06:45:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 06:45:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 06:45:40 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Andree Bohlmann\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.08.30 21:14:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012.02.01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe MOD - [2012.02.01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll MOD - [2012.02.01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 17:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.11.17 17:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll ========== Services (SafeList) ========== SRV - [2013.04.22 17:29:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.02 17:15:40 | 000,247,328 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.17 21:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.12.17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2010.12.17 21:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012\WNt500x64\Sandra.sys -- (SANDRA) DRV:64bit: - [2013.05.09 12:27:34 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\pxrts.sys -- (pxrts) DRV:64bit: - [2013.04.11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2013.03.15 07:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt) DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.12.10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.11.08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.04.01 17:57:58 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.04.01 17:57:57 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.08.17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.08.17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.07 22:52:24 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.01.31 17:24:46 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.22 19:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.13 19:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.01 12:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.11 03:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.16 02:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.10.12 19:39:04 | 000,039,528 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2010.10.12 19:39:02 | 000,232,680 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2010.09.24 03:44:48 | 001,394,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.07.13 04:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt) DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.05 22:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.10.12 19:39:04 | 000,039,528 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2010.10.12 19:39:02 | 000,232,680 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.10.05 22:22:20 | 000,044,320 | R--- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{354F2F5A-2A8A-4DEB-8896-1A7E9414F087}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{354F2F5A-2A8A-4DEB-8896-1A7E9414F087}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013.04.17 09:51:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.30 14:44:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.09 09:23:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.09 09:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions [2013.05.10 22:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\qbbxfhhi.default\extensions [2013.05.10 22:12:18 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\firefox\profiles\qbbxfhhi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.09 09:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://start.iminent.com/?appId=DA0E3890-15E7-4586-ADD1-6616C27355A5 CHR - homepage: hxxp://start.iminent.com/?appId=DA0E3890-15E7-4586-ADD1-6616C27355A5 O1 HOSTS File: ([2013.05.10 00:58:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Andree Bohlmann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andree Bohlmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {3A5EF8E2-34B2-4B01-962B-FF430245CCA4} hxxp://192.168.0.102/IPCamPluginDM.cab (IC3015PlugIn Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{083C6684-B6B7-4C47-8A13-84A328DAD385}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E55EFD59-7E60-42B0-AAFA-4FF70198D4A0}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.18 11:13:14 | 000,000,074 | R--- | M] () - D:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.12 22:45:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6 [2013.05.12 22:25:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.12 22:24:57 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.10 21:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.10 20:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft [2013.05.10 20:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DownloadManager [2013.05.10 11:08:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.10 01:31:59 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.10 00:48:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.10 00:48:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.10 00:48:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.10 00:46:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.10 00:46:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.09 12:27:34 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.09 12:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI [2013.05.09 09:24:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Mozilla [2013.05.09 09:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.09 09:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.05 15:31:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\LumacDaemon [2013.05.05 15:31:47 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Firstload [2013.05.05 15:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lumac [2013.05.05 15:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.05 08:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.05.05 07:34:56 | 000,000,000 | ---D | C] -- C:\Temp [2013.05.05 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Neue Spiele [2013.05.05 05:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MGTEK [2013.05.05 00:28:16 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.05.04 23:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net [2013.05.04 10:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013.05.04 10:59:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013.05.04 10:51:29 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\TuneUp Software [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.05.04 10:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.05.03 22:59:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.03 22:59:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\tor [2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Maruw [2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Kygad [2013.04.30 23:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.04.30 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2013.04.28 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\ratDVD [2013.04.25 19:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.17 09:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.12 22:49:39 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:49:39 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.12 22:41:57 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2013.05.12 22:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.12 20:45:04 | 119,897,394 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2013.05.12 20:41:20 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.05.11 22:28:55 | 000,476,867 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2013.05.10 20:31:57 | 000,001,134 | ---- | M] () -- C:\Users\xxxxx\Desktop\X2 The Threat.lnk [2013.05.10 00:58:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.09 18:02:51 | 000,002,532 | ---- | M] () -- C:\Users\Public\Documents\AVG Scan 09.05.2013.csv [2013.05.09 17:43:23 | 000,008,150 | ---- | M] () -- C:\Users\Public\Documents\AVG Virenscan 09.05.2013.csv [2013.05.09 13:41:22 | 000,000,020 | ---- | M] () -- C:\Users\xxxxx\defogger_reenable [2013.05.09 12:27:34 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.09 12:20:59 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.05.09 09:23:39 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.06 21:25:40 | 001,642,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.06 21:25:40 | 000,707,484 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.06 21:25:40 | 000,661,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.06 21:25:40 | 000,153,044 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.06 21:25:40 | 000,125,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.05 15:31:29 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk [2013.05.05 15:18:44 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.05 07:22:25 | 000,001,483 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.05.05 00:47:06 | 000,349,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.04 23:54:44 | 000,001,415 | ---- | M] () -- C:\Users\xxxxx\Desktop\Internet Explorer.lnk [2013.05.04 11:47:09 | 000,002,084 | ---- | M] () -- C:\Users\xxxxx\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.05.04 11:47:09 | 000,002,013 | ---- | M] () -- C:\Users\xxxxx\Desktop\Avira DE-Cleaner.lnk [2013.04.22 05:32:50 | 000,000,016 | ---- | M] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb.lck [2013.04.21 14:36:59 | 000,004,866 | ---- | M] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb [2013.04.17 09:51:00 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.10 20:31:57 | 000,001,134 | ---- | C] () -- C:\Users\xxxxx\Desktop\X2 The Threat.lnk [2013.05.10 00:48:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.10 00:48:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.10 00:48:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.10 00:48:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.10 00:48:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.09 18:02:51 | 000,002,532 | ---- | C] () -- C:\Users\Public\Documents\AVG Scan 09.05.2013.csv [2013.05.09 17:43:23 | 000,008,150 | ---- | C] () -- C:\Users\Public\Documents\AVG Virenscan 09.05.2013.csv [2013.05.09 13:41:22 | 000,000,020 | ---- | C] () -- C:\Users\xxxxx\defogger_reenable [2013.05.09 09:23:39 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.09 09:23:39 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.05 15:31:29 | 000,002,699 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk [2013.05.05 15:31:29 | 000,002,693 | ---- | C] () -- C:\Users\Public\Desktop\Lumac.lnk [2013.05.05 15:18:44 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.04 23:54:44 | 000,001,415 | ---- | C] () -- C:\Users\xxxxx\Desktop\Internet Explorer.lnk [2013.05.04 11:47:09 | 000,002,013 | ---- | C] () -- C:\Users\xxxxx\Desktop\Avira DE-Cleaner.lnk [2013.05.04 10:03:50 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.04.30 23:01:53 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.04.20 19:08:46 | 000,000,016 | ---- | C] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb.lck [2013.04.20 19:08:39 | 000,004,866 | ---- | C] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb [2013.03.09 01:25:15 | 000,000,103 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\fusioncache.dat [2013.03.08 23:37:34 | 000,026,900 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\dt.dat [2013.02.26 16:00:01 | 006,171,691 | ---- | C] () -- C:\Users\xxxxx\kaufanwärtervertrag.pdf [2013.02.25 18:13:45 | 003,570,938 | ---- | C] () -- C:\Users\xxxxx\Kopie Ausweis.pdf [2013.02.13 19:47:30 | 000,016,112 | ---- | C] () -- C:\Users\xxxxx\Stellungnahme Körperverletzung 08.02.2013.odt [2013.01.29 22:08:04 | 000,011,769 | ---- | C] () -- C:\Users\xxxxx\überstunden.odt [2012.12.28 00:19:03 | 000,021,402 | ---- | C] () -- C:\Users\xxxxx\Anhörung 27.12.2012.odt [2012.12.19 19:59:25 | 000,014,134 | ---- | C] () -- C:\Users\xxxxx\2. Antrag Fangschaltung.odt [2012.12.16 23:12:43 | 000,022,276 | ---- | C] () -- C:\Users\xxxxx\Beschwerde 16.12.2012.odt [2012.12.16 17:18:49 | 000,014,070 | ---- | C] () -- C:\Users\xxxxx\lebenslauf andree.odt [2012.12.16 16:10:27 | 000,015,411 | ---- | C] () -- C:\Users\xxxxx\Bewerbung Andree.odt [2012.12.15 11:26:08 | 000,014,939 | ---- | C] () -- C:\Users\xxxxx\Checkliste Matthias.odt [2012.11.03 23:37:34 | 000,014,254 | ---- | C] () -- C:\Users\xxxxx\Verlängerung Fangschaltung.odt [2012.10.27 21:14:36 | 000,000,448 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini [2012.10.16 18:55:41 | 001,106,951 | ---- | C] () -- C:\Users\xxxxx\Hinweis Jobcenter 1.odt [2012.10.16 18:28:17 | 004,693,729 | ---- | C] () -- C:\Users\xxxxx\Kopie Ausweis.odt [2012.10.16 18:13:55 | 000,015,356 | ---- | C] () -- C:\Users\xxxxx\Antrag Fangschaltung.odt [2012.09.15 22:43:36 | 000,018,850 | ---- | C] () -- C:\Users\xxxxx\Beschwerde 15.09.2012.odt [2012.09.15 22:00:53 | 000,014,357 | ---- | C] () -- C:\Users\xxxxx\Stellungnahme Beschwerde 14.09.2012.odt [2012.09.07 17:38:12 | 005,775,456 | R--- | C] ( ) -- C:\Windows\SysWow64\RTKISDBT.dll [2012.08.31 12:42:18 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011.07.08 16:33:13 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.08 16:33:10 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.08 16:33:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.04 11:00:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\AVG [2012.05.01 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\AVG2012 [2012.12.27 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe Limited [2013.05.05 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Pro [2013.05.12 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Dropbox [2012.12.29 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\EDIMAX IP Camera Viewer [2012.11.25 15:37:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Epson [2012.03.25 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Fingertapps [2013.04.21 00:14:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\foobar2000 [2012.04.30 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FreeAudioPack [2012.08.12 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FreeCDRipper [2012.05.13 09:34:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Imperium Romanum [2013.04.06 19:09:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\IObit [2012.10.27 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\iolo [2013.05.10 00:54:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Kygad [2012.07.27 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Leadertech [2013.05.09 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\LumacDaemon [2013.05.10 00:43:20 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Maruw [2013.02.17 14:25:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\My Games [2012.05.13 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Need for Speed World [2012.09.15 21:33:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\OpenOffice.org [2012.08.01 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Origin [2012.04.16 20:36:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Outertech [2012.03.26 13:02:38 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\PCDr [2012.10.27 12:37:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Shareaza [2013.04.06 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Steganos [2013.04.06 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Steganos VPN [2012.08.14 01:30:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Summer Challenge [2012.10.27 13:02:41 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Thinstall [2013.05.04 10:51:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TuneUp Software [2013.05.09 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Usenet.nl [2012.04.30 09:31:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\xxxxx\Downloads:Shareaza.GUID @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > [/CODE] |
|
12.05.2013, 22:17
| #20 |
| | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Und noch OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.05.2013 22:49:17 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxxx\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 49,70% Memory free 7,83 Gb Paging File | 5,53 Gb Available in Paging File | 70,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 189,33 Gb Free Space | 42,44% Space Free | Partition Type: NTFS Drive D: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MYLAPTOP | User Name: xxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.09 13:45:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Downloads\OTL.exe PRC - [2013.04.10 08:56:41 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.02 17:15:44 | 000,181,360 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe PRC - [2012.11.19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010.11.17 17:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2010.10.01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe PRC - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe PRC - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (No Company Name) ========== MOD - [2013.04.10 08:56:55 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Andree Bohlmann\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.14 04:29:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 07:10:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.01.10 06:46:53 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 06:46:22 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.01.10 06:46:04 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 06:46:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.01.10 06:45:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 06:45:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 06:45:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 06:45:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 06:45:40 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Andree Bohlmann\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.08.30 21:14:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012.02.01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe MOD - [2012.02.01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll MOD - [2012.02.01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2010.12.17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 17:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.11.17 17:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll ========== Services (SafeList) ========== SRV - [2013.04.22 17:29:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.01.02 17:15:40 | 000,247,328 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2010.12.21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.17 21:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.12.17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2010.12.17 21:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012\WNt500x64\Sandra.sys -- (SANDRA) DRV:64bit: - [2013.05.09 12:27:34 | 000,065,736 | ---- | M] (Prevx) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\pxrts.sys -- (pxrts) DRV:64bit: - [2013.04.11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2013.03.15 07:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt) DRV:64bit: - [2013.03.15 07:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.12.10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.11.08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.04.01 17:57:58 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.04.01 17:57:57 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter) DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.08.17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.08.17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.08.17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.08.17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.07 22:52:24 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.02.11 00:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.11 00:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.01.31 17:24:46 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.22 19:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.12.13 19:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.12.01 12:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.11 03:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.16 02:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.10.12 19:39:04 | 000,039,528 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2010.10.12 19:39:02 | 000,232,680 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2010.09.24 03:44:48 | 001,394,224 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.07.13 04:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt) DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.27 17:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.05 22:22:20 | 000,044,320 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.10.12 19:39:04 | 000,039,528 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2010.10.12 19:39:02 | 000,232,680 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.10.05 22:22:20 | 000,044,320 | R--- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{354F2F5A-2A8A-4DEB-8896-1A7E9414F087}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{354F2F5A-2A8A-4DEB-8896-1A7E9414F087}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013.04.17 09:51:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.30 14:44:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.09 09:23:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.09 09:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions [2013.05.10 22:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\qbbxfhhi.default\extensions [2013.05.10 22:12:18 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\firefox\profiles\qbbxfhhi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.09 09:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://start.iminent.com/?appId=DA0E3890-15E7-4586-ADD1-6616C27355A5 CHR - homepage: hxxp://start.iminent.com/?appId=DA0E3890-15E7-4586-ADD1-6616C27355A5 O1 HOSTS File: ([2013.05.10 00:58:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Andree Bohlmann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andree Bohlmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {3A5EF8E2-34B2-4B01-962B-FF430245CCA4} hxxp://192.168.0.102/IPCamPluginDM.cab (IC3015PlugIn Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{083C6684-B6B7-4C47-8A13-84A328DAD385}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E55EFD59-7E60-42B0-AAFA-4FF70198D4A0}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.18 11:13:14 | 000,000,074 | R--- | M] () - D:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.12 22:45:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6 [2013.05.12 22:25:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.12 22:24:57 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.10 21:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.10 20:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft [2013.05.10 20:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DownloadManager [2013.05.10 11:08:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.10 01:31:59 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.10 00:48:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.10 00:48:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.10 00:48:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.10 00:46:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.10 00:46:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.09 12:27:34 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.09 12:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI [2013.05.09 09:24:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Mozilla [2013.05.09 09:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.09 09:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.05 15:31:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\LumacDaemon [2013.05.05 15:31:47 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Firstload [2013.05.05 15:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lumac [2013.05.05 15:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.05 08:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.05.05 07:34:56 | 000,000,000 | ---D | C] -- C:\Temp [2013.05.05 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Neue Spiele [2013.05.05 05:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MGTEK [2013.05.05 00:28:16 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.05.04 23:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net [2013.05.04 10:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013.05.04 10:59:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013.05.04 10:51:29 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\TuneUp Software [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.05.04 10:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.05.03 22:59:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.03 22:59:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\tor [2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Maruw [2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Kygad [2013.04.30 23:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.04.30 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2013.04.28 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\ratDVD [2013.04.25 19:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.17 09:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.12 22:49:39 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:49:39 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.12 22:41:57 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2013.05.12 22:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.12 20:45:04 | 119,897,394 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2013.05.12 20:41:20 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.05.11 22:28:55 | 000,476,867 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2013.05.10 20:31:57 | 000,001,134 | ---- | M] () -- C:\Users\xxxxx\Desktop\X2 The Threat.lnk [2013.05.10 00:58:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.09 18:02:51 | 000,002,532 | ---- | M] () -- C:\Users\Public\Documents\AVG Scan 09.05.2013.csv [2013.05.09 17:43:23 | 000,008,150 | ---- | M] () -- C:\Users\Public\Documents\AVG Virenscan 09.05.2013.csv [2013.05.09 13:41:22 | 000,000,020 | ---- | M] () -- C:\Users\xxxxx\defogger_reenable [2013.05.09 12:27:34 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.09 12:20:59 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.05.09 09:23:39 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.06 21:25:40 | 001,642,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.06 21:25:40 | 000,707,484 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.06 21:25:40 | 000,661,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.06 21:25:40 | 000,153,044 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.06 21:25:40 | 000,125,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.05 15:31:29 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk [2013.05.05 15:18:44 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.05 07:22:25 | 000,001,483 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.05.05 00:47:06 | 000,349,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.04 23:54:44 | 000,001,415 | ---- | M] () -- C:\Users\xxxxx\Desktop\Internet Explorer.lnk [2013.05.04 11:47:09 | 000,002,084 | ---- | M] () -- C:\Users\xxxxx\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.05.04 11:47:09 | 000,002,013 | ---- | M] () -- C:\Users\xxxxx\Desktop\Avira DE-Cleaner.lnk [2013.04.22 05:32:50 | 000,000,016 | ---- | M] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb.lck [2013.04.21 14:36:59 | 000,004,866 | ---- | M] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb [2013.04.17 09:51:00 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.10 20:31:57 | 000,001,134 | ---- | C] () -- C:\Users\xxxxx\Desktop\X2 The Threat.lnk [2013.05.10 00:48:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.10 00:48:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.10 00:48:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.10 00:48:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.10 00:48:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.09 18:02:51 | 000,002,532 | ---- | C] () -- C:\Users\Public\Documents\AVG Scan 09.05.2013.csv [2013.05.09 17:43:23 | 000,008,150 | ---- | C] () -- C:\Users\Public\Documents\AVG Virenscan 09.05.2013.csv [2013.05.09 13:41:22 | 000,000,020 | ---- | C] () -- C:\Users\xxxxx\defogger_reenable [2013.05.09 09:23:39 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.09 09:23:39 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.05 15:31:29 | 000,002,699 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk [2013.05.05 15:31:29 | 000,002,693 | ---- | C] () -- C:\Users\Public\Desktop\Lumac.lnk [2013.05.05 15:18:44 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.04 23:54:44 | 000,001,415 | ---- | C] () -- C:\Users\xxxxx\Desktop\Internet Explorer.lnk [2013.05.04 11:47:09 | 000,002,013 | ---- | C] () -- C:\Users\xxxxx\Desktop\Avira DE-Cleaner.lnk [2013.05.04 10:03:50 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.04.30 23:01:53 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.04.20 19:08:46 | 000,000,016 | ---- | C] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb.lck [2013.04.20 19:08:39 | 000,004,866 | ---- | C] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb [2013.03.09 01:25:15 | 000,000,103 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\fusioncache.dat [2013.03.08 23:37:34 | 000,026,900 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\dt.dat [2013.02.26 16:00:01 | 006,171,691 | ---- | C] () -- C:\Users\xxxxx\kaufanwärtervertrag.pdf [2013.02.25 18:13:45 | 003,570,938 | ---- | C] () -- C:\Users\xxxxx\Kopie Ausweis.pdf [2013.02.13 19:47:30 | 000,016,112 | ---- | C] () -- C:\Users\xxxxx\Stellungnahme Körperverletzung 08.02.2013.odt [2013.01.29 22:08:04 | 000,011,769 | ---- | C] () -- C:\Users\xxxxx\überstunden.odt [2012.12.28 00:19:03 | 000,021,402 | ---- | C] () -- C:\Users\xxxxx\Anhörung 27.12.2012.odt [2012.12.19 19:59:25 | 000,014,134 | ---- | C] () -- C:\Users\xxxxx\2. Antrag Fangschaltung.odt [2012.12.16 23:12:43 | 000,022,276 | ---- | C] () -- C:\Users\xxxxx\Beschwerde 16.12.2012.odt [2012.12.16 17:18:49 | 000,014,070 | ---- | C] () -- C:\Users\xxxxx\lebenslauf andree.odt [2012.12.16 16:10:27 | 000,015,411 | ---- | C] () -- C:\Users\xxxxx\Bewerbung Andree.odt [2012.12.15 11:26:08 | 000,014,939 | ---- | C] () -- C:\Users\xxxxx\Checkliste Matthias.odt [2012.11.03 23:37:34 | 000,014,254 | ---- | C] () -- C:\Users\xxxxx\Verlängerung Fangschaltung.odt [2012.10.27 21:14:36 | 000,000,448 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini [2012.10.16 18:55:41 | 001,106,951 | ---- | C] () -- C:\Users\xxxxx\Hinweis Jobcenter 1.odt [2012.10.16 18:28:17 | 004,693,729 | ---- | C] () -- C:\Users\xxxxx\Kopie Ausweis.odt [2012.10.16 18:13:55 | 000,015,356 | ---- | C] () -- C:\Users\xxxxx\Antrag Fangschaltung.odt [2012.09.15 22:43:36 | 000,018,850 | ---- | C] () -- C:\Users\xxxxx\Beschwerde 15.09.2012.odt [2012.09.15 22:00:53 | 000,014,357 | ---- | C] () -- C:\Users\xxxxx\Stellungnahme Beschwerde 14.09.2012.odt [2012.09.07 17:38:12 | 005,775,456 | R--- | C] ( ) -- C:\Windows\SysWow64\RTKISDBT.dll [2012.08.31 12:42:18 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011.07.08 16:33:13 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.08 16:33:10 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.08 16:33:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.04 11:00:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\AVG [2012.05.01 22:07:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\AVG2012 [2012.12.27 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canneverbe Limited [2013.05.05 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DAEMON Tools Pro [2013.05.12 22:46:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Dropbox [2012.12.29 14:36:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\EDIMAX IP Camera Viewer [2012.11.25 15:37:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Epson [2012.03.25 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Fingertapps [2013.04.21 00:14:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\foobar2000 [2012.04.30 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FreeAudioPack [2012.08.12 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FreeCDRipper [2012.05.13 09:34:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Imperium Romanum [2013.04.06 19:09:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\IObit [2012.10.27 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\iolo [2013.05.10 00:54:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Kygad [2012.07.27 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Leadertech [2013.05.09 12:42:35 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\LumacDaemon [2013.05.10 00:43:20 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Maruw [2013.02.17 14:25:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\My Games [2012.05.13 12:55:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Need for Speed World [2012.09.15 21:33:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\OpenOffice.org [2012.08.01 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Origin [2012.04.16 20:36:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Outertech [2012.03.26 13:02:38 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\PCDr [2012.10.27 12:37:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Shareaza [2013.04.06 15:43:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Steganos [2013.04.06 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Steganos VPN [2012.08.14 01:30:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Summer Challenge [2012.10.27 13:02:41 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Thinstall [2013.05.04 10:51:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TuneUp Software [2013.05.09 09:27:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Usenet.nl [2012.04.30 09:31:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\xxxxx\Downloads:Shareaza.GUID @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4 < End of report > [/CODE] |
|
12.05.2013, 22:40
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernenFixen mit OTL
Code:
ATTFilter :OTL
[2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\tor
[2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Maruw
[2013.05.03 22:00:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Kygad
@Alternate Data Stream - 16 bytes -> C:\Users\xxxxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ --> Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen |
|
13.05.2013, 18:11
| #22 |
| | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Auftrag ausgeführt, hier die Resultate: Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\xxxxx\AppData\Roaming\tor\hidden_service folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\tor folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\Maruw folder moved successfully.
C:\Users\xxxxx\AppData\Roaming\Kygad folder moved successfully.
Unable to delete ADS C:\Users\xxxxx\Downloads:Shareaza.GUID .
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\xxxxx\Downloads\cmd.bat deleted successfully.
C:\Users\xxxxx\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: xxxxx
->Temp folder emptied: 88993908 bytes
->Temporary Internet Files folder emptied: 258438129 bytes
->Java cache emptied: 518599 bytes
->FireFox cache emptied: 59779893 bytes
->Flash cache emptied: 63193 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2614 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 949233 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 390,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 05132013_190419
Files\Folders moved on Reboot...
C:\Users\xxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\xxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Muss ich mir Sorgen um meine Daten machen? |
|
14.05.2013, 10:03
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.05.2013, 17:32
| #24 |
| | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Hier die erste: OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.05.2013 18:03:42 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andree Bohlmann\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,73% Memory free 7,83 Gb Paging File | 5,37 Gb Available in Paging File | 68,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,13 Gb Total Space | 189,18 Gb Free Space | 42,41% Space Free | Partition Type: NTFS Drive D: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MYLAPTOP | User Name: xxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxxxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Users\xxxxx\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Users\xxxxx\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll () MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE () MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (CLKMSVC10_9EC60124) -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Personal 2012\WNt500x64\Sandra.sys File not found DRV:64bit: - (pxrts) -- C:\WINDOWS\SysNative\drivers\pxrts.sys (Prevx) DRV:64bit: - (Avgtdia) -- C:\WINDOWS\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (nvkflt) -- C:\WINDOWS\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (AVGIDSDriver) -- C:\WINDOWS\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\WINDOWS\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\WINDOWS\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (atksgt) -- C:\WINDOWS\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\WINDOWS\SysNative\drivers\lirsgt.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgrkx64) -- C:\WINDOWS\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\WINDOWS\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\WINDOWS\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (tap0901) -- C:\WINDOWS\SysNative\drivers\tap0901.sys (The OpenVPN Project) DRV:64bit: - (UsbserFilt) -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\WINDOWS\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\WINDOWS\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (RTL8167) -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (Avgfwfd) -- C:\WINDOWS\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (NvStUSB) -- C:\WINDOWS\SysNative\drivers\nvstusb.sys () DRV:64bit: - (VClone) -- C:\WINDOWS\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (iaStor) -- C:\WINDOWS\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (ElbyCDIO) -- C:\WINDOWS\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (Acceler) -- C:\WINDOWS\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (wdkmd) -- C:\WINDOWS\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\WINDOWS\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (TsUsbFlt) -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\WINDOWS\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (JMCR) -- C:\WINDOWS\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (MEIx64) -- C:\WINDOWS\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (RTL2832UUSB) -- C:\WINDOWS\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.) DRV:64bit: - (RTL2832UBDA) -- C:\WINDOWS\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.) DRV:64bit: - (SynTP) -- C:\WINDOWS\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (stdcfltn) -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (qicflt) -- C:\WINDOWS\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (Impcd) -- C:\WINDOWS\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (RTL2832U_IRHID) -- C:\WINDOWS\SysNative\drivers\RTL2832U_IRHID.sys (Realtek) DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (RTL2832UUSB) -- C:\WINDOWS\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (RTL2832UBDA) -- C:\WINDOWS\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.) DRV - (RTL2832U_IRHID) -- C:\WINDOWS\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek) DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{354F2F5A-2A8A-4DEB-8896-1A7E9414F087}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{354F2F5A-2A8A-4DEB-8896-1A7E9414F087}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-3978098729-3601256905-1607446451-1008\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013.04.17 09:51:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.30 14:44:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.09 09:23:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.09 09:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions [2013.05.10 22:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\qbbxfhhi.default\extensions [2013.05.10 22:12:18 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\firefox\profiles\qbbxfhhi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.09 09:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://start.iminent.com/?appId=DA0E3890-15E7-4586-ADD1-6616C27355A5 CHR - homepage: hxxp://start.iminent.com/?appId=DA0E3890-15E7-4586-ADD1-6616C27355A5 O1 HOSTS File: ([2013.05.13 19:05:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002..\Run: [Akamai NetSession Interface] C:\Users\Andree Bohlmann\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andree Bohlmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\..Trusted Domains: dell.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-3978098729-3601256905-1607446451-1002\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {3A5EF8E2-34B2-4B01-962B-FF430245CCA4} hxxp://192.168.0.102/IPCamPluginDM.cab (IC3015PlugIn Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{083C6684-B6B7-4C47-8A13-84A328DAD385}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E55EFD59-7E60-42B0-AAFA-4FF70198D4A0}: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.18 11:13:14 | 000,000,074 | R--- | M] () - D:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.14 18:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.05.14 18:00:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6 [2013.05.13 19:04:19 | 000,000,000 | ---D | C] -- C:\_OTL [2013.05.12 22:25:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.12 22:24:57 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.10 21:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.10 20:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Egosoft [2013.05.10 20:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DownloadManager [2013.05.10 11:08:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.10 01:31:59 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.10 00:48:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.10 00:48:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.10 00:48:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.10 00:46:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.10 00:46:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.09 12:27:34 | 000,065,736 | ---- | C] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.09 12:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI [2013.05.09 09:24:33 | 000,000,000 | ---D | C] -- C:\Users\Andree Bohlmann\AppData\Local\Mozilla [2013.05.09 09:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.05.09 09:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.05 15:31:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\LumacDaemon [2013.05.05 15:31:47 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Firstload [2013.05.05 15:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lumac [2013.05.05 15:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.05.05 08:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.05.05 07:34:56 | 000,000,000 | ---D | C] -- C:\Temp [2013.05.05 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Neue Spiele [2013.05.05 05:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MGTEK [2013.05.05 00:28:16 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.05.04 23:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\af0.net [2013.05.04 19:43:31 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.05.04 19:43:31 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.05.04 19:43:31 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.05.04 19:43:31 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.05.04 19:43:31 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.05.04 19:43:31 | 015,508,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.05.04 19:43:31 | 013,088,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.05.04 19:43:31 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.05.04 19:43:31 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.05.04 19:43:31 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.05.04 19:43:31 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.05.04 19:43:31 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.05.04 19:43:31 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.05.04 19:43:31 | 002,539,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.05.04 19:43:31 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.05.04 19:43:31 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.05.04 19:43:31 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll [2013.05.04 19:43:31 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll [2013.05.04 19:43:31 | 000,284,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvkflt.sys [2013.05.04 19:43:31 | 000,030,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvpciflt.sys [2013.05.04 10:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013.05.04 10:59:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013.05.04 10:51:29 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\TuneUp Software [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.05.04 10:06:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.05.04 10:03:50 | 006,398,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.05.04 10:03:50 | 003,477,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.05.04 10:03:50 | 002,555,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.05.04 10:03:50 | 001,016,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshext.dll [2013.05.04 10:03:50 | 000,237,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.05.04 10:03:50 | 000,076,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nv3dappshextr.dll [2013.05.04 10:03:50 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.05.04 10:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.05.03 22:59:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.03 22:59:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.04.30 23:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.04.30 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2013.04.28 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\ratDVD [2013.04.25 19:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.14 18:07:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.14 18:07:41 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.14 18:07:32 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2013.05.14 18:04:22 | 120,059,129 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2013.05.14 18:04:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.05.14 18:00:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.14 18:00:14 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2013.05.13 21:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.13 19:05:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2013.05.11 22:28:55 | 000,476,867 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2013.05.10 20:31:57 | 000,001,134 | ---- | M] () -- C:\Users\xxxxx\Desktop\X2 The Threat.lnk [2013.05.09 18:02:51 | 000,002,532 | ---- | M] () -- C:\Users\Public\Documents\AVG Scan 09.05.2013.csv [2013.05.09 17:43:23 | 000,008,150 | ---- | M] () -- C:\Users\Public\Documents\AVG Virenscan 09.05.2013.csv [2013.05.09 13:41:22 | 000,000,020 | ---- | M] () -- C:\Users\xxxxx\defogger_reenable [2013.05.09 12:27:34 | 000,065,736 | ---- | M] (Prevx) -- C:\Windows\SysNative\drivers\pxrts.sys [2013.05.09 12:20:59 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.05.09 09:23:39 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.06 21:25:40 | 001,642,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.06 21:25:40 | 000,707,484 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.06 21:25:40 | 000,661,062 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.06 21:25:40 | 000,153,044 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.06 21:25:40 | 000,125,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.05 15:31:29 | 000,002,693 | ---- | M] () -- C:\Users\Public\Desktop\Lumac.lnk [2013.05.05 15:18:44 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.05 07:22:25 | 000,001,483 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.05.05 00:47:06 | 000,349,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.04 23:54:44 | 000,001,415 | ---- | M] () -- C:\Users\xxxxx\Desktop\Internet Explorer.lnk [2013.05.04 11:47:09 | 000,002,084 | ---- | M] () -- C:\Users\xxxxx\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.05.04 11:47:09 | 000,002,013 | ---- | M] () -- C:\Users\xxxxx\Desktop\Avira DE-Cleaner.lnk [2013.04.29 20:31:31 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2013.04.22 17:29:20 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.22 17:29:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.22 05:32:50 | 000,000,016 | ---- | M] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb.lck [2013.04.21 14:36:59 | 000,004,866 | ---- | M] () -- C:\Users\xxxxx\Ausgaben Hausbau.odb [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.10 20:31:57 | 000,001,134 | ---- | C] () -- C:\Users\xxxxx\Desktop\X2 The Threat.lnk [2013.05.10 00:48:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.10 00:48:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.10 00:48:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.10 00:48:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.10 00:48:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.09 18:02:51 | 000,002,532 | ---- | C] () -- C:\Users\Public\Documents\AVG Scan 09.05.2013.csv [2013.05.09 17:43:23 | 000,008,150 | ---- | C] () -- C:\Users\Public\Documents\AVG Virenscan 09.05.2013.csv [2013.05.09 13:41:22 | 000,000,020 | ---- | C] () -- C:\Users\xxxxx\defogger_reenable [2013.05.09 09:23:39 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.05.09 09:23:39 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.05.05 15:31:29 | 000,002,699 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk [2013.05.05 15:31:29 | 000,002,693 | ---- | C] () -- C:\Users\Public\Desktop\Lumac.lnk [2013.05.05 15:18:44 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.05.04 23:54:44 | 000,001,415 | ---- | C] () -- C:\Users\xxxxx\Desktop\Internet Explorer.lnk [2013.05.04 11:47:09 | 000,002,013 | ---- | C] () -- C:\Users\xxxxx\Desktop\Avira DE-Cleaner.lnk [2013.05.04 10:03:50 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.04.30 23:01:53 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.09.07 17:38:12 | 005,775,456 | R--- | C] () -- C:\Windows\SysWow64\RTKISDBT.dll [2012.08.31 12:42:18 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011.07.08 16:33:13 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.07.08 16:33:10 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.07.08 16:33:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 16 bytes -> C:\Users\xxxxx\Downloads:Shareaza.GUID < End of report > [/CODE] Hier die zweite: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.05.2013 18:03:42 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,92 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,73% Memory free
7,83 Gb Paging File | 5,37 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 189,18 Gb Free Space | 42,41% Space Free | Partition Type: NTFS
Drive D: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MYLAPTOP | User Name: Andree Bohlmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3978098729-3601256905-1607446451-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03039689-639B-4CF1-9436-EEF1756FC313}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{046F94D0-4C89-4869-A693-4050DADFCFA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F701886-998D-4CFF-9AB7-7DDA9A8943C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{36776667-1A45-4D0E-B258-DD5A185D6F05}" = lport=49195 | protocol=6 | dir=in | name=akamai netsession interface |
"{3D5FCBC8-8774-4528-B5C3-B4E3CECE7666}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{40E5371C-2F9F-45FA-89E8-4D6CA124FC0E}" = lport=445 | protocol=6 | dir=in | app=system |
"{556EB8B6-7CB8-43BC-BDE6-70E802DA8D2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C9F9D07-D8A3-49CD-B716-CDD96B3FE16C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8369F121-912B-47FF-9E70-0A852AB79102}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FA61F79-065A-445C-8A6E-D0EABCB1ED92}" = lport=139 | protocol=6 | dir=in | app=system |
"{91FBD9FA-A5D5-4232-934D-4CF0A8D2EB6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A8C5897-352C-407C-8F88-4606BE270D6F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F75A132-BAFD-45E0-BC48-CBF39B152457}" = rport=138 | protocol=17 | dir=out | app=system |
"{A6ED5094-4F35-4827-8AFF-9C51BF7D6A6D}" = rport=137 | protocol=17 | dir=out | app=system |
"{B0F194CB-E088-4812-BCEC-9AC35620AD83}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC3D34AD-2FA1-4798-98AE-09D10F3E2E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0395EE5-69DF-424D-89F1-4911BBE28BD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D55EABBC-366B-4FF3-8DF9-930C05416B49}" = lport=138 | protocol=17 | dir=in | app=system |
"{E9BF0CA1-4199-413A-BA37-CE97B8B61BC2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA83D6E2-A302-4D47-9928-215982623530}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE8DA5B6-95B3-41F0-90CD-A3DCA3C1AB46}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6F83A34-8ACA-4FEF-BCA8-09C445E758E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFC687F8-1ED7-4ED3-ACE2-3D24D67CC967}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D6A61F-7541-45B8-8955-8B67964323B5}" = protocol=17 | dir=in | app=c:\users\xxxxx\appdata\local\akamai\netsession_win.exe |
"{07B6A340-394A-4664-BBB6-92AA768A3FAA}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |
"{0876A7EC-D091-49CB-8D27-DD6226B257B0}" = protocol=17 | dir=in | app=c:\users\xxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{098A15D8-E6B5-4490-99E8-D31C4A1CC2A9}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{0DEF8D56-2974-4AB8-9607-3836D1BA07D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1263184C-472F-4F6F-993D-88029DDD0B96}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{15D4C253-AC25-462F-BA9F-63032C4FB965}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1A7F0FD5-9CCA-44CA-ABBA-0EB35F9BBA41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F6814D3-86B5-4F86-829C-7B9623DB0768}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B0AFDA6-F1A7-43F4-8B89-0FFEF7A558DB}" = protocol=6 | dir=out | app=system |
"{2EF12A63-28AA-4064-89D0-FC2A6BB4AB53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CB83590-2023-48F2-835E-09F86CB3F586}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{40485130-2B2C-4F4D-826E-5878BC9E6AC9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{498F41FC-BBFC-4509-A3E3-33385EF79E71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{50CB682E-E0F3-4006-A359-CC1EB683D4CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{53861E3B-7EF1-4CF0-B3CE-562D30C8BF77}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5561E50E-5F6A-445E-AAE1-3387C44B2E05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56D09412-B4B8-4A7E-99D9-EE2F5CEF6DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{5B9A444F-2314-4D13-B25D-354C04F92955}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{5ECB1D94-8CBA-42A3-A157-06CC3E7B4945}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{631F4D80-204A-4CC3-8782-957F1145E92F}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |
"{63A4D0A7-04F5-487F-818D-4F5F0CDDD0E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6553E824-5FAE-4AD2-A767-D46E0F2A732D}" = protocol=6 | dir=in | app=c:\users\xxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{6585E235-63DC-487A-B71B-EACF6F5D2620}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6CEB409E-158F-4573-8220-B4EA73E3BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe |
"{71397AAF-5BF4-4509-8690-7684A54D1AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{71B17691-5942-408E-9573-68001A9D9D1F}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{7206888F-A24D-4851-B9D6-366F4E3D45ED}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{72EAB010-391A-4743-952D-A055AFFE6F85}" = protocol=6 | dir=in | app=c:\users\xxxxx\appdata\local\akamai\netsession_win.exe |
"{746E66B4-C0CF-4E0F-A7BF-A6CA57EBFC7E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{7ED5A93C-E2C9-4CF3-A38A-A7ACD41FA8FA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{87C387E5-CD0C-447D-B59C-706323A24CAA}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{87FFAC5D-4DCC-4B07-99B8-1E0D7410F780}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89B3B1FA-4AB1-43F1-A342-B349C5A737CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{8E20CAE1-487A-438A-8B8D-2A5837278733}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |
"{91776997-1C81-4409-A790-341DB5AB68F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9599FCEA-1537-4612-A3FE-94D23B46CAE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96CE6C77-B57C-4527-A09F-E7ED2D3E8FA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98E21EFC-9DE2-49BA-A0F6-C0AE266A4E85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A0EE22EC-5519-4593-8912-59FFF7EEA47B}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe |
"{AAEDD936-B671-4804-8B4F-B2326A8AD677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{ABA26ECA-C116-40E1-8756-DC718E4CFCE6}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B2990F59-B1DB-486E-928B-D02D0B139A89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B30623EB-A0D0-483D-B216-4E2EAE3E5094}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{B8979D67-0A76-4F92-B55E-88A91C235EFD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BD5BC973-3500-4ABA-9F9A-E93FBBFE7A41}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C4686626-9B8C-473D-97C5-053AC8D5C651}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA28E355-F923-4AB2-B031-D505EA990D9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDD9118C-9661-4C4D-81A3-FEFC8C87128A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{CDE417DB-F24B-40AA-9E34-8D7D7E8E1CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CECE539D-D5AB-45CD-A477-D8CD5B53E51E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D32CB597-74B9-4421-9944-79B2D583BA3E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{D4AC44E8-C646-43E5-80D3-52FA8841B8A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D540B0F1-C46F-4A89-A9E8-38228C48C504}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAB8E997-4F94-46E1-86FA-3FD1E7A4DF65}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFBE70F5-FCA7-4CF4-967B-742A60B39EE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0B5F689-594A-4789-9810-E3A82052F202}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E4BD362D-5DEF-482F-91B0-1E05CCCADE6E}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{EB4DCD8D-7231-4295-A659-EE86A486C62D}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |
"{EF0FAA57-E29F-4731-8561-CD85AFA0583D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{F3791CEF-2679-4707-AB80-0EEE6506A520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9C9D970-3ED4-44C9-8148-5AD18FE93E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{F9D80F76-3E48-45BC-B250-B92E69F97157}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2772A034-42CE-493F-95D1-C5727445CE24}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{8462064A-9606-4E25-BF92-16EAEB842912}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{41410F2F-118B-4641-BDA9-47C3CEDE8A6A}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Dell Support Center" = Dell Support Center
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.2.2
"EPSON Scanner" = EPSON Scan
"EPSON SX235 Series Netg" = Netzwerkhandbuch EPSON SX235 Series
"EPSON SX235 Series Useg" = Benutzerhandbuch EPSON SX235 Series
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"foobar2000" = foobar2000 v1.1.14a
"InstallShield_{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"IObit Uninstaller" = IObit Uninstaller 2.4
"IPCam Admin Utility_is1" = IPCam Admin v3.0.31
"IPCam Surveillance Software_is1" = IPCam Surveillance Software 3.0.4.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Summer Challenge_is1" = Summer Challenge
"Tomb Raider_is1" = Tomb Raider
"Usenet.nl_is1" = Usenet.nl
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.3
"X2TheThreat_is1" = X2 The Threat v1.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3978098729-3601256905-1607446451-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"lotro_highres_de" = Der Herr der Ringe Online
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.05.2013 16:42:33 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2013 09:05:58 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2013 13:06:31 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
Error - 14.05.2013 12:00:25 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.05.2013 16:46:08 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 09:06:50 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 09:07:20 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 13:04:19 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 13.05.2013 13:07:03 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 13:07:33 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 14.05.2013 12:01:03 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 14.05.2013 12:01:33 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
[/CODE] Hier die zweite: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.05.2013 18:03:42 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,92 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 45,73% Memory free
7,83 Gb Paging File | 5,37 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,13 Gb Total Space | 189,18 Gb Free Space | 42,41% Space Free | Partition Type: NTFS
Drive D: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MYLAPTOP | User Name: Andree Bohlmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3978098729-3601256905-1607446451-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03039689-639B-4CF1-9436-EEF1756FC313}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{046F94D0-4C89-4869-A693-4050DADFCFA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F701886-998D-4CFF-9AB7-7DDA9A8943C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{36776667-1A45-4D0E-B258-DD5A185D6F05}" = lport=49195 | protocol=6 | dir=in | name=akamai netsession interface |
"{3D5FCBC8-8774-4528-B5C3-B4E3CECE7666}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{40E5371C-2F9F-45FA-89E8-4D6CA124FC0E}" = lport=445 | protocol=6 | dir=in | app=system |
"{556EB8B6-7CB8-43BC-BDE6-70E802DA8D2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C9F9D07-D8A3-49CD-B716-CDD96B3FE16C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8369F121-912B-47FF-9E70-0A852AB79102}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FA61F79-065A-445C-8A6E-D0EABCB1ED92}" = lport=139 | protocol=6 | dir=in | app=system |
"{91FBD9FA-A5D5-4232-934D-4CF0A8D2EB6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A8C5897-352C-407C-8F88-4606BE270D6F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9F75A132-BAFD-45E0-BC48-CBF39B152457}" = rport=138 | protocol=17 | dir=out | app=system |
"{A6ED5094-4F35-4827-8AFF-9C51BF7D6A6D}" = rport=137 | protocol=17 | dir=out | app=system |
"{B0F194CB-E088-4812-BCEC-9AC35620AD83}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC3D34AD-2FA1-4798-98AE-09D10F3E2E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0395EE5-69DF-424D-89F1-4911BBE28BD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D55EABBC-366B-4FF3-8DF9-930C05416B49}" = lport=138 | protocol=17 | dir=in | app=system |
"{E9BF0CA1-4199-413A-BA37-CE97B8B61BC2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EA83D6E2-A302-4D47-9928-215982623530}" = rport=445 | protocol=6 | dir=out | app=system |
"{EE8DA5B6-95B3-41F0-90CD-A3DCA3C1AB46}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6F83A34-8ACA-4FEF-BCA8-09C445E758E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFC687F8-1ED7-4ED3-ACE2-3D24D67CC967}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D6A61F-7541-45B8-8955-8B67964323B5}" = protocol=17 | dir=in | app=c:\users\xxxxx\appdata\local\akamai\netsession_win.exe |
"{07B6A340-394A-4664-BBB6-92AA768A3FAA}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |
"{0876A7EC-D091-49CB-8D27-DD6226B257B0}" = protocol=17 | dir=in | app=c:\users\xxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{098A15D8-E6B5-4490-99E8-D31C4A1CC2A9}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{0DEF8D56-2974-4AB8-9607-3836D1BA07D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1263184C-472F-4F6F-993D-88029DDD0B96}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{15D4C253-AC25-462F-BA9F-63032C4FB965}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1A7F0FD5-9CCA-44CA-ABBA-0EB35F9BBA41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F6814D3-86B5-4F86-829C-7B9623DB0768}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B0AFDA6-F1A7-43F4-8B89-0FFEF7A558DB}" = protocol=6 | dir=out | app=system |
"{2EF12A63-28AA-4064-89D0-FC2A6BB4AB53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CB83590-2023-48F2-835E-09F86CB3F586}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{40485130-2B2C-4F4D-826E-5878BC9E6AC9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{498F41FC-BBFC-4509-A3E3-33385EF79E71}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{50CB682E-E0F3-4006-A359-CC1EB683D4CE}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{53861E3B-7EF1-4CF0-B3CE-562D30C8BF77}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5561E50E-5F6A-445E-AAE1-3387C44B2E05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{56D09412-B4B8-4A7E-99D9-EE2F5CEF6DCB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{5B9A444F-2314-4D13-B25D-354C04F92955}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{5ECB1D94-8CBA-42A3-A157-06CC3E7B4945}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{631F4D80-204A-4CC3-8782-957F1145E92F}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |
"{63A4D0A7-04F5-487F-818D-4F5F0CDDD0E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6553E824-5FAE-4AD2-A767-D46E0F2A732D}" = protocol=6 | dir=in | app=c:\users\xxxxx\appdata\roaming\dropbox\bin\dropbox.exe |
"{6585E235-63DC-487A-B71B-EACF6F5D2620}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6CEB409E-158F-4573-8220-B4EA73E3BD72}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe |
"{71397AAF-5BF4-4509-8690-7684A54D1AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{71B17691-5942-408E-9573-68001A9D9D1F}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{7206888F-A24D-4851-B9D6-366F4E3D45ED}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{72EAB010-391A-4743-952D-A055AFFE6F85}" = protocol=6 | dir=in | app=c:\users\xxxxx\appdata\local\akamai\netsession_win.exe |
"{746E66B4-C0CF-4E0F-A7BF-A6CA57EBFC7E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{7ED5A93C-E2C9-4CF3-A38A-A7ACD41FA8FA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{87C387E5-CD0C-447D-B59C-706323A24CAA}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{87FFAC5D-4DCC-4B07-99B8-1E0D7410F780}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89B3B1FA-4AB1-43F1-A342-B349C5A737CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{8E20CAE1-487A-438A-8B8D-2A5837278733}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |
"{91776997-1C81-4409-A790-341DB5AB68F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9599FCEA-1537-4612-A3FE-94D23B46CAE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96CE6C77-B57C-4527-A09F-E7ED2D3E8FA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{98E21EFC-9DE2-49BA-A0F6-C0AE266A4E85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A0EE22EC-5519-4593-8912-59FFF7EEA47B}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\game of thrones\binaries\win32\shippingpc-agotgame.exe |
"{AAEDD936-B671-4804-8B4F-B2326A8AD677}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{ABA26ECA-C116-40E1-8756-DC718E4CFCE6}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B2990F59-B1DB-486E-928B-D02D0B139A89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B30623EB-A0D0-483D-B216-4E2EAE3E5094}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{B8979D67-0A76-4F92-B55E-88A91C235EFD}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BD5BC973-3500-4ABA-9F9A-E93FBBFE7A41}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C4686626-9B8C-473D-97C5-053AC8D5C651}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA28E355-F923-4AB2-B031-D505EA990D9B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDD9118C-9661-4C4D-81A3-FEFC8C87128A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{CDE417DB-F24B-40AA-9E34-8D7D7E8E1CAC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CECE539D-D5AB-45CD-A477-D8CD5B53E51E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D32CB597-74B9-4421-9944-79B2D583BA3E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{D4AC44E8-C646-43E5-80D3-52FA8841B8A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D540B0F1-C46F-4A89-A9E8-38228C48C504}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DAB8E997-4F94-46E1-86FA-3FD1E7A4DF65}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFBE70F5-FCA7-4CF4-967B-742A60B39EE0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0B5F689-594A-4789-9810-E3A82052F202}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E4BD362D-5DEF-482F-91B0-1E05CCCADE6E}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{EB4DCD8D-7231-4295-A659-EE86A486C62D}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |
"{EF0FAA57-E29F-4731-8561-CD85AFA0583D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{F3791CEF-2679-4707-AB80-0EEE6506A520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9C9D970-3ED4-44C9-8148-5AD18FE93E5F}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{F9D80F76-3E48-45BC-B250-B92E69F97157}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2772A034-42CE-493F-95D1-C5727445CE24}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{8462064A-9606-4E25-BF92-16EAEB842912}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{41410F2F-118B-4641-BDA9-47C3CEDE8A6A}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Dell Support Center" = Dell Support Center
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}" = Dell MusicStage
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7451FD2D-1A23-4E67-92CD-8EDDD1846917}" = AVG PC TuneUp Language Pack (de-DE)
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.2.2
"EPSON Scanner" = EPSON Scan
"EPSON SX235 Series Netg" = Netzwerkhandbuch EPSON SX235 Series
"EPSON SX235 Series Useg" = Benutzerhandbuch EPSON SX235 Series
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"foobar2000" = foobar2000 v1.1.14a
"InstallShield_{5DE11949-2B11-4F13-BAD5-1C237122CFDB}" = Lumac
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"IObit Uninstaller" = IObit Uninstaller 2.4
"IPCam Admin Utility_is1" = IPCam Admin v3.0.31
"IPCam Surveillance Software_is1" = IPCam Surveillance Software 3.0.4.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Summer Challenge_is1" = Summer Challenge
"Tomb Raider_is1" = Tomb Raider
"Usenet.nl_is1" = Usenet.nl
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.3
"X2TheThreat_is1" = X2 The Threat v1.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3978098729-3601256905-1607446451-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"lotro_highres_de" = Der Herr der Ringe Online
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.05.2013 16:42:33 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2013 09:05:58 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
Error - 13.05.2013 13:06:31 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
Error - 14.05.2013 12:00:25 | Computer Name = MyLaptop | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.05.2013 16:46:08 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 09:06:50 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 09:07:20 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 13:04:19 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 13.05.2013 13:07:03 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 13.05.2013 13:07:33 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 14.05.2013 12:01:03 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
Error - 14.05.2013 12:01:33 | Computer Name = MyLaptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst SftService erreicht.
< End of report >
[/CODE] |
|
15.05.2013, 09:38
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2013, 17:54
| #26 |
| | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Die Ergebnisse von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.15.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 xxxxx:: MYLAPTOP [Administrator] 15.05.2013 17:43:24 mbam-log-2013-05-15 (17-43-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|U:\|V:\|W:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 396619 Laufzeit: 50 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
15.05.2013, 19:30
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Was ist mit ESET?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2013, 21:12
| #28 |
| | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen ESET gerade beendet. Ist leider fündig geworden! Doch, sieh selbst: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=04fdf3319872404f8e880eaa2d2bc3cd
# engine=13835
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-15 06:04:04
# local_time=2013-05-15 08:04:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1034 16777213 100 78 5646 58305054 0 0
# compatibility_mode=5893 16776574 100 94 31968292 120270894 0 0
# scanned=78963
# found=5
# cleaned=0
# scan_time=3526
sh=FDD961E4391D57C89DDD3A4E32CB978638632100 ft=1 fh=0948b4d3a94f9909 vn="a variant of Win32/Injector.ABGM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\xxxxx\AppData\Roaming\Kygad\xyifa.exe.vir"
sh=91EADD5F0E74FBFA0F68D7DA2B743D328A0632EE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\xxxxx\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\121002225033537.rsc"
sh=FC34CB5A998AA709257EDEBD7FABB7727F43E967 ft=1 fh=17cf0ac4b0ea81a3 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\xxxxx\Downloads\AtdheNetApp_setup(17_1).exe"
sh=32E914C7459FCE1A86CC40753DBC00878A127F28 ft=1 fh=806342cb9570a442 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\xxxxx\Downloads\codec_pack_631802_ff.exe"
sh=E2CC449B635137266DDCCA03B6AA6E7A69826874 ft=1 fh=2480c636365be893 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\xxxxx\Downloads\IlemiTVApp_setup(47c42).exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=04fdf3319872404f8e880eaa2d2bc3cd
# engine=13835
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-15 08:02:31
# local_time=2013-05-15 10:02:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1034 16777213 100 78 12753 58312161 0 0
# compatibility_mode=5893 16776574 100 94 31975399 120278001 0 0
# scanned=179385
# found=5
# cleaned=0
# scan_time=7025
sh=FDD961E4391D57C89DDD3A4E32CB978638632100 ft=1 fh=0948b4d3a94f9909 vn="a variant of Win32/Injector.ABGM trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\xxxxx\AppData\Roaming\Kygad\xyifa.exe.vir"
sh=91EADD5F0E74FBFA0F68D7DA2B743D328A0632EE ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\xxxxx\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\121002225033537.rsc"
sh=FC34CB5A998AA709257EDEBD7FABB7727F43E967 ft=1 fh=17cf0ac4b0ea81a3 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\xxxxx\Downloads\AtdheNetApp_setup(17_1).exe"
sh=32E914C7459FCE1A86CC40753DBC00878A127F28 ft=1 fh=806342cb9570a442 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\xxxxx\Downloads\codec_pack_631802_ff.exe"
sh=E2CC449B635137266DDCCA03B6AA6E7A69826874 ft=1 fh=2480c636365be893 vn="Win32/Adware.1ClickDownload.W application" ac=I fn="C:\Users\xxxxx\Downloads\IlemiTVApp_setup(47c42).exe"
|
|
15.05.2013, 21:53
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen Das sind doch nur quarantänisierte Reste und Müll im Downloadordner! Löscht du da garnix raus?!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Firefox und Grafiktreiber stürzen ab, Trojaner lassen sich nicht entfernen |
| avg, entdeck, entfernen, entfernt, firefox, grafikkarte, hängt, internet, langsam, logfiles, löschung, meldung, neuinstallation, nicht mehr, nvidia, problem, scan, scannen, scanner, security, starten, treiber, trojaner, virenscan, virenscanner |
Textbox. 
Linear-Darstellung
