| |
| |||||||
Log-Analyse und Auswertung: Sporadische weiterleitungen bei Seitenaufrufe mit Browser, ständige FirefoxabstürzeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.06.2013, 09:35
| #1 |
| |  Sporadische weiterleitungen bei Seitenaufrufe mit Browser, ständige Firefoxabstürze Guten Morgen, ich versuch mal das Problem so gut es geht zu beschreiben. Ich bin mal so frei und verlinke erst mal auf einen anderen Beitrag hier, da sich die Probleme sehr ähnlich sind: http://www.trojaner-board.de/133782-...-3-2013-a.html Wenn ich per Firefox neue Seiten aufrufe, werde ich oft zuerst auf andere Seiten umgeleitet. ("pricerunner", irgendwelche Werbeseiten oder z.T. auch mir schon bekannte harmlose Seiten, wie Amazon.de oder Pnp.de) Wenn ich zurückgehe und die gewünschte Seite nochmals aufrufe funktioniert es meistens. Ich habe auch mal eine Zeitlang den IE probiert, da tritt das selbe Problem auf. Zusätzlich stürzt Firefox sporadisch ab. Manchmal alle paar Sekunden oder auch nur alle paar Stunden oder Tage. Dann taucht immer so ein Fehlerfenster von Mozilla auf ("Sorry das hätte nich passieren dürfen" oder so ähnlich). Wenn ich dann die letzte Sitzung wiederherstellen lasse, kommt es oft vor, das der FF sofort wieder in die Knie geht. Das Problem tritt unabhängig davon auf wie viele und welche Tabs ich geöffnet habe. Sehr selten kommt es auch vor das irgendein Dienst oder Prozess einen Fehler meldet und beendet wird. Welcher das ist weiß ich leider nicht mehr, da es schon länger nicht mehr vorkam. Soweit ich noch in Erinnerung habe irgendwas mit "Moz" (Mozilla???), kann also durchaus damit zusammenhängen. Beim IE konnte ich das Absturzproblem bissher nicht feststellen. Zusätzlich werden bei der Google-Suche oftmals keine Ergebnise angezeigt. Abhilfe schafft nur das erneute aufrufen der Suchseite in einem neuen Tab. Bei der Url-Suche (ebenfalls über Google) werden generell keine Ergebnisse mehr ausgespuckt. Inwiefern diese ganzen Probleme zusammenhängen kann ich nicht sagen, aber da sie alle ziemlich im gleichen Zeitraum zum ersten mal aufgetreten sind, macht sie das schon verdächtig. Das ganze kann auch schon einige Wochen her sein, da ich mich schon länger damit herumärgere. Eine Neuinstallation von FF hat keine Besserung gebracht, irgendwelche komischen unerwünschten Programme sind mir auch nicht aufgefallen. MSE und Spybot S&D haben ebenfalls nichts gefunden. Adwcleaner und eine RescueCD von Avira hab ich auch mal suchen lassen: Adwcleaner: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 10/06/2013 um 15:29:00 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tw8x077q.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1264 octets] - [09/06/2013 14:16:07]
AdwCleaner[R2].txt - [1324 octets] - [09/06/2013 14:16:24]
AdwCleaner[R3].txt - [845 octets] - [10/06/2013 15:29:00]
AdwCleaner[S1].txt - [1386 octets] - [09/06/2013 14:16:51]
########## EOF - C:\AdwCleaner[R3].txt - [964 octets] ##########
Avira Rescue-CD: Code:
ATTFilter Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
WARNING: [This key has expired]
Initialization
engine set: 8.2.10.248
VDF Version: 7.11.60.106
update service: unavailable!
Scan start time: Mon Jun 10 13:37:49 2013
configuration file: /etc/avira/scancl.conf
WARNING: [File is encrypted] /media/Devices/sda2/dell/IMAGE/FACTORY.WIM --> object
WARNING: [All files in archive are encrypted] /media/Devices/sda2/dell/IMAGE/FACTORY.WIM --> object
WARNING: [File is encrypted] /media/Devices/sda2/preload/BASE.WIM --> object
WARNING: [All files in archive are encrypted] /media/Devices/sda2/preload/BASE.WIM --> object
WARNING: [File is encrypted] /media/Devices/sda3/Program Files (x86)/Dell DataSafe Local Backup/Components/DSUpdate/DSUpdate.dat
WARNING: [All files in archive are encrypted] /media/Devices/sda3/Program Files (x86)/InstallShield Installation Information/{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}/SupportFiles.7z
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/7-Zip-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/7-Zip-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/7-Zip-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cache-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cache-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cache-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cache-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cache-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cookie-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cookie-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cookie-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cookie-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cookie-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Cookie-0005.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Gabest Media Player Classic-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Direct3D-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Direct3D-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Direct3D-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Direct3D-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Direct3D-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Direct3D-0005.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectDraw-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectDraw-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectDraw-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectDraw-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectDraw-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectInput-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Verlauf-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Verlauf-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Verlauf-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Verlauf-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Verlauf-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Verlauf-0005.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Explorer-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Gabest Media Player Classic-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Gabest Media Player Classic-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Gabest Media Player Classic-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Internet Explorer-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0005.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0006.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0007.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0008.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Log-0009.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Macromedia.FlashPlayer.Cookies-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Macromedia.FlashPlayer.Cookies-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Macromedia.FlashPlayer.Cookies-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Macromedia.FlashPlayer.Cookies-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Macromedia.FlashPlayer.Cookies-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Macromedia.FlashPlayer.Cookies-0005.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Explorer-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Explorer-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Media SDK-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Media SDK-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Media SDK-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Media SDK-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Media SDK-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows.OpenWith-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows.OpenWith-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows.OpenWith-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows.OpenWith-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Gabest Media Player Classic-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectInput-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/Windows Explorer-0001.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectInput-0002.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectInput-0003.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS DirectInput-0004.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Media Player-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/ProgramData/Spybot - Search & Destroy/Quarantine/MS Paint-0000.zip
WARNING: [File is encrypted] /media/Devices/sda3/Users/***/Downloads/install_flashplayer11x32_mssd_aih.exe
WARNING: [Bad archive header] /media/Devices/sda3/WINDOWS/SysWOW64/config/systemprofile/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/94308059B57B3142E455B38A6EB92015
Statistics :
Dir
ectories............... : 22758
Archives.................. : 1907
Files..................... : 942123
Infected.............. : 0
Warnings.............. : 81
Suspicious............ : 0
Und hier noch die weiteren Logs: OTL: Code:
ATTFilter OTL logfile created on: 15.06.2013 20:25:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,87 Gb Total Physical Memory | 4,25 Gb Available Physical Memory | 72,31% Memory free 11,74 Gb Paging File | 9,93 Gb Available in Paging File | 84,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917,66 Gb Total Space | 648,35 Gb Free Space | 70,65% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.15 20:24:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.13 15:33:30 | 000,187,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe PRC - [2012.11.13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.02.27 11:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.16 19:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2012.01.27 04:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2012.01.27 04:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2012.01.20 23:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.01.20 23:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.01.12 22:33:44 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.01.12 22:33:42 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.01.12 22:33:38 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.01.12 22:33:36 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.11.30 03:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.30 03:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.05.18 09:00:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013.05.18 09:00:48 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1e8f7367eaa08c5057d78c093982f8f0\System.IdentityModel.ni.dll MOD - [2013.05.18 09:00:47 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e698a866fd16973a24ca6697218028ad\System.ServiceModel.ni.dll MOD - [2013.05.15 17:15:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5dabd015d753b028750e4853dde12178\System.Windows.Forms.ni.dll MOD - [2013.05.15 17:13:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.15 17:13:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.02.15 17:43:21 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll MOD - [2013.02.15 15:04:48 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.11 20:21:52 | 000,420,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\5b2d22a9f57c1fb02a00793ab5491e34\System.Xml.Linq.ni.dll MOD - [2013.02.11 20:21:25 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll MOD - [2013.02.11 17:32:52 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll MOD - [2013.02.11 17:32:52 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll MOD - [2013.02.10 10:40:45 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\83265111769de5cd294df17e6d762958\System.Runtime.Remoting.ni.dll MOD - [2013.02.10 10:40:37 | 002,351,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\79dfff0d59f51b89d72868f3ef6f495a\System.Runtime.Serialization.ni.dll MOD - [2013.02.10 10:40:35 | 000,259,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8f812cfc7750508f9a856abcf8339f89\SMDiagnostics.ni.dll MOD - [2013.02.10 10:40:33 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa022967bdd1030211f9cadcab797520\System.Xml.ni.dll MOD - [2013.02.10 10:40:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.02.10 10:37:31 | 014,951,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\edf45cbbb9340770239e3a6cb95f5e75\PresentationFramework.ni.dll MOD - [2013.02.10 10:37:23 | 012,678,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\09594e500a32cd9a1e4ddf33b45b4e44\PresentationCore.ni.dll MOD - [2013.02.09 22:52:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.02.09 22:51:05 | 001,597,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\229b5280b4e310f5e83657abbf257632\System.Drawing.ni.dll MOD - [2013.02.09 22:50:07 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.06.07 17:03:29 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.01.27 04:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2010.11.21 08:49:35 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll MOD - [2010.11.21 08:49:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.21 08:49:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.19 20:02:01 | 000,118,272 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysNative\NlsMexicons0001.exe -- (mcbvilder) SRV:64bit: - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012.02.14 08:20:52 | 000,313,856 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2012.01.11 04:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2011.12.08 17:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:64bit: - [2011.12.08 17:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.12.08 17:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011.12.08 17:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2011.12.05 16:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.12.05 15:55:36 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011.01.11 23:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV:64bit: - [2011.01.11 23:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:64bit: - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.05.24 18:46:58 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.03.13 15:33:30 | 000,187,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery) SRV - [2012.10.08 12:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.16 19:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService) SRV - [2012.02.02 20:10:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.01.20 23:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.01.20 23:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.01.12 22:33:44 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.01.12 22:33:42 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.01.12 22:33:38 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011.11.30 03:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.10.08 12:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.07 17:03:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.06.07 17:03:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.03.10 05:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 12:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.27 12:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.27 12:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.14 08:20:52 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012.02.10 20:05:42 | 000,398,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2012.01.25 01:01:40 | 000,416,592 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2012.01.19 04:24:12 | 014,658,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.01.03 21:37:44 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.12.21 00:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011.12.21 00:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011.12.14 21:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2011.12.13 18:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.12.13 18:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.12.06 13:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.12.05 16:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.12.05 16:22:58 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.11.30 05:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.07.29 01:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.01.20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2006.11.01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{2B2A7B5A-A9FE-4FA6-ABBE-89C88960534A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2B2A7B5A-A9FE-4FA6-ABBE-89C88960534A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\..\SearchScopes,DefaultScope = {2B2A7B5A-A9FE-4FA6-ABBE-89C88960534A} IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: " hxxp://www.google.com/search?sourceid=navclient&hl=de&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 17:59:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.17 17:59:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.02.10 11:46:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2013.06.14 16:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tw8x077q.default\extensions [2013.06.14 16:16:54 | 000,201,229 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tw8x077q.default\extensions\jid0-GokC6R49cBZciOKniufAR4QKFWc@jetpack.xpi [2013.05.08 19:38:34 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tw8x077q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.10 15:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.10 15:36:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.02.10 21:34:07 | 000,445,034 | R--- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15284 more lines... O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe () O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BAC7C62-D6B6-4B98-BD81-B162B75BD500}: DhcpNameServer = 13.35.0.102 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{929BC3D3-016B-4086-84FE-6D8795BBCFF5}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.15 20:24:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.10 16:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Go PlayAlong [2013.06.02 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.desktop.wettercom [2013.05.25 12:43:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SpellForce [2013.05.25 12:40:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD [2013.05.25 12:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD [2013.05.25 12:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD [2013.05.17 17:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013.06.15 20:24:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.15 20:24:07 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.15 20:23:48 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.06.15 19:57:50 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.15 19:57:50 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.15 19:57:50 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.15 19:57:50 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.15 19:57:50 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.15 19:49:30 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.06.15 19:29:24 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.15 19:29:24 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.15 19:21:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.15 19:21:54 | 434,114,559 | -HS- | M] () -- C:\hiberfil.sys [2013.06.12 14:50:52 | 000,012,340 | ---- | M] () -- C:\Users\***\Documents\Auflistung Finanzen.ods [2013.06.10 16:29:06 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Go PlayAlong.lnk [2013.06.10 14:39:19 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.10 13:59:23 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.09 14:15:51 | 000,648,201 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.05.25 12:40:15 | 000,002,090 | ---- | M] () -- C:\Users\***\Desktop\SpellForce - Platinum Edition.lnk [2013.05.17 12:10:19 | 000,012,300 | ---- | M] () -- C:\Users\***\Documents\cc_20130517_121015.reg ========== Files Created - No Company Name ========== [2013.06.15 20:24:07 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.15 20:23:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.06.10 15:36:12 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.06.09 14:15:47 | 000,648,201 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.05.25 12:40:15 | 000,002,090 | ---- | C] () -- C:\Users\***\Desktop\SpellForce - Platinum Edition.lnk [2013.05.17 12:10:17 | 000,012,300 | ---- | C] () -- C:\Users\***\Documents\cc_20130517_121015.reg [2013.02.23 23:43:04 | 000,000,583 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini [2013.02.19 20:02:03 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.06.07 16:48:54 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.06.07 16:48:53 | 000,559,780 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.06.07 16:48:51 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.06.07 16:48:49 | 013,001,728 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.01.11 03:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.23 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2013.06.02 19:27:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.desktop.wettercom [2013.02.13 19:41:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1 [2013.03.13 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dpdhl.versandhelfer [2013.02.10 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fingertapps [2013.06.15 20:25:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2013.02.24 18:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mediAvatar [2013.02.22 20:42:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.02.10 21:49:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > OLT Extras: Code:
ATTFilter OTL Extras logfile created on: 15.06.2013 20:25:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,87 Gb Total Physical Memory | 4,25 Gb Available Physical Memory | 72,31% Memory free
11,74 Gb Paging File | 9,93 Gb Available in Paging File | 84,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,66 Gb Total Space | 648,35 Gb Free Space | 70,65% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA66FF2-F287-4568-B81C-ACBD3E63BD62}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10CE7CD5-13BE-47E0-88A8-4DD2D83F79AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1712B1ED-E55E-41FD-B855-4625FA3B42E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{17505B3C-6684-4B2B-A809-B40B6A3C16E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{1BE8ABA1-4BD6-403B-98E7-63B1D5E9CEEE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{292BA48C-E366-4982-A918-B1CC78E793B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{29C7143D-D775-4AE5-95E9-639BDA9D1F41}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B4E467A-1985-46F6-84AF-A506255D5381}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2F805496-D953-4ED8-AE06-38C8B5ADBAF0}" = lport=137 | protocol=17 | dir=in | app=system |
"{322947AC-8B6C-4B1A-86A9-DF38D42C2D63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EBF92EA-CF04-444E-9E0A-3DF86F6A0689}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{51D2E23A-A9D6-419B-9DF0-A6CEA5E69DCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{817E3D40-3F06-4043-A769-C37C8E7E1D38}" = lport=445 | protocol=6 | dir=in | app=system |
"{AEFEAEF1-0F09-4357-A31E-3747C2ED3CCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B39C0938-2E86-4DC0-853A-FD780DC2FD5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B79A1264-715E-4D39-900C-0078375952DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C0791FC4-3D29-450D-AFCF-A9C32D2D4BAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C43EBBCB-F8B9-4097-9C89-9FEF8C88C21D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2569569-B024-4E56-91B4-2ED6624D7847}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D70F2588-04AB-4632-AEBA-E27F3640EE63}" = lport=138 | protocol=17 | dir=in | app=system |
"{DFE5FB8C-4016-487B-8585-BC6E2861E4B3}" = rport=139 | protocol=6 | dir=out | app=system |
"{E247F02C-D7B7-4DBF-8E27-0FE8F008B9DE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F609B526-830E-426C-A819-8082A80C9CA1}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D2FDDA5-A9B6-4759-AA0C-169F110477E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3260BFBE-2D21-4082-B02F-5872DABD7739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{337DE57A-5F3B-4DEA-B3FC-137332D23C80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D1F4DE5-6BD1-440E-B15C-2F9734EB8043}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5191BDBF-C383-4617-947C-CCD05CA46502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5682AF7F-1CDA-41B8-A8EE-94424E89263A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58A9058C-76D2-4AA2-B501-E3496D301343}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{709AB99C-268A-465C-BABE-AAF2A5B966D2}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{71B29765-52D1-4EB5-808A-12AA1009F853}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7C34E7B2-EC79-41BD-AF13-B8005F67CA6A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A66630C1-B606-47FF-9A85-C91323AA3955}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABFC6F95-1D3A-439C-9B07-C3A483EE9674}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BCE60CF8-9D9A-4543-A057-52D6008AB524}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C430FCA0-7ACD-451B-90FB-336B3CDE6BA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C91D6F8E-8E40-4A83-912B-1DB3B871BFD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD6CB53D-B16B-4F1E-AFBC-E57A63B069AB}" = protocol=6 | dir=out | app=system |
"{CF1FC33F-A8CB-468D-8084-78CE0550BE51}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4B7041A-DE9F-43AC-BC29-F9E7FD50A0B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D864FF99-A6A8-4694-B05B-77A689B6678E}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{E80377D8-DD3A-4A33-8385-F9F3124031B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED4D6DBF-297D-47E2-91B5-94DC1227C830}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F12BDBD1-D1FC-49A1-97F8-95D5772E84FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FF4CE859-900E-4DFB-B1FD-ACFEC0DA9F3E}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi-Software
"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dell Support Center" = Dell Support Center
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F68F89-FC69-CA21-EC2C-0BF8BAC84CE8}" = Versandhelfer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.5.6366
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage
"{4B3230C5-F069-416B-9169-1B84A216ED6A}" = Dell Digital Delivery
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel(R) WiDi
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA474397-D697-127E-61B9-BB12DCB37200}" = Go PlayAlong
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AviSynth" = AviSynth 2.5
"com.goplayalong.41DF8ADAAE31CA841C48A6C358D6E3DCCEC38798.1" = Go PlayAlong
"Dell Webcam Central" = Dell Webcam Central
"dpdhl.versandhelfer" = Versandhelfer
"DVD Decrypter" = DVD Decrypter (Remove Only)
"foobar2000" = foobar2000 v1.2.2
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SpellForce" = SpellForce
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"WT089409" = Bejeweled 2 Deluxe
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley (TM)
"WT089440" = Namco All-Stars PAC-MAN
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.05.2013 10:30:19 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 29.05.2013 10:33:39 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879,
Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879,
Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften
Prozesses: 0x1420 Startzeit der fehlerhaften Anwendung: 0x01ce5c73df72bf8b Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
c04926c0-c86c-11e2-b079-685d43520589
Error - 29.05.2013 12:39:32 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 29.05.2013 12:50:48 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
Error - 29.05.2013 14:28:16 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 30.05.2013 11:48:18 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2013 13:44:24 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.05.2013 13:55:18 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description =
Error - 31.05.2013 05:09:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 31.05.2013 12:53:35 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
[ Spybot - Search and Destroy Events ]
Error - 01.03.2013 14:00:38 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 26.03.2013 16:18:13 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 01.04.2013 04:55:59 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 01.05.2013 04:09:57 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 15.05.2013 10:55:37 | Computer Name = ***-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 08.06.2013 14:02:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 09.06.2013 05:14:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 09.06.2013 05:14:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 09.06.2013 06:00:24 | Computer Name = ***-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 09.06.2013 08:20:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 09.06.2013 08:20:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 09.06.2013 11:35:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 09.06.2013 11:35:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 10.06.2013 04:30:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 10.06.2013 04:30:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-15 20:55:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwdiypog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075461465 2 bytes [46, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2556] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000754614bb 2 bytes [46, 75]
.text ... * 2
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075461465 2 bytes [46, 75]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754614bb 2 bytes [46, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075461465 2 bytes [46, 75]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754614bb 2 bytes [46, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1992:3936] 000007fef5792888
Thread C:\Windows\system32\svchost.exe [1992:3868] 000007fef5792a40
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\685d43520589
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\685d43520589 (not active ControlSet)
---- EOF - GMER 2.1 ----
Ich hoffe ich hab nichts vergessen Das war es jetzt erst mal von mir soweit. Ich freue mich über jede Hilfe  Vielen Dank schonmal - Trystan |
| Themen zu Sporadische weiterleitungen bei Seitenaufrufe mit Browser, ständige Firefoxabstürze |
| autorun, avira, bho, browser, desktop, diner dash, error, firefox, flash player, helper, home, install.exe, internet, internet browser, internet explorer, logfile, mozilla, neue seite, nvpciflt.sys, plug-in, problem, prozess, realtek, registrierungsdatenbank, registry, rundll, security, sekunden, software, svchost.exe, usb, wildtangent games, windows, wscript.exe |
Baum-Darstellung